When building packages from the AUR, an Arch User will encounter the following error:
ERROR: One or more PGP signatures could not be verified
This error shows that the signature, used to sign the released PKGBUILD, is not known to your system. Let’s fix the PGP signature on AUR packages!

Importing the PGP signature

The solution here is to import the expected PGP signature into your systems public key ring. Arch uses the GnuPG implementation of the OpenPGP standard, as defined by RFC 4880 (also known as PGP).

To find out which key you need to import, you should look for the 'validpgpkeys' array in PKGBUILD:

Fixing ERROR: One or more PGP signatures could not be verified by importing given public key
Fixing the PGP signature verification on AUR packages by importing given public key

Copy this key and then run the following, where you replace the placeholder with your copied value:

gpg --recv-keys <KEY_FROM_ARRAY>
Code language: HTML, XML (xml)

Now, you should be able to build your package!

If you want to learn more, checkout my other tutorials for Arch Linux.

Leave a Reply

Your email address will not be published.