April 7th 2018

archlinux, linux

AUR installation: PGP signatures could not be verified


When trying to build an [AUR][1] package, i got this error:

==> Verifying source file signatures with gpg...
freetype-2.9.tar.bz2 ... FAILED (unknown public key C1A60EACE707FDA5)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build freetype2-cleartype.

According to some web searches, the proper fix is this:

gpg --recv-keys 0xC1A60EACE707FDA5
# or
gpg --recv-keys C1A60EACE707FDA5

But I keep getting the error:

gpg: no valid OpenPGP data found.

Semi-extensive web searches did not reveal what is wrong with that; maybe I'm making some silly mistake, but my guess is that the key is somehow outdated/unavailable.
[ No doubt to some I have proven my utter incompetence with that last sentence. ]

The Fix

Instead of fretting, just run makepkg like this:

makepkg --skippgpcheck

The easy fix for those who use yaourt (more incompetence to some):

MAKEPKG="makepkg --skippgpcheck" yaourt -S somepackage