8000 GPG verification fails in sudo · Issue #228 · vn971/rua · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
GPG verification fails in sudo #228
New issue
New issue
Open
Open
GPG verification fails in sudo#228
@vehlwn

Description

@vehlwn
vehlwn
opened on Aug 27, 2024

rua 0.19.10

I want to create a separate user for rua because I don't want it clutter my home gpg keyring, but now I cannot install aur packages requiring gpg source verification (e.g. hplip-plugin). It says

Verifying source file signatures with gpg...
hplip-3.24.4-plugin.run ... FAILED (unknown public key 73D770CDA59047B9)

even if I import the key manually: gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4ABA2F66DBD5A95894910E0673D770CDA59047B9

Example:

$ sudo useradd -mG wheel aurbuilder
$ sudo passwd aurbuilder
$ sudo -u aurbuilder gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4ABA2F66DBD5A95894910E0673D770CDA59047B9
gpg: directory '/home/aurbuilder/.gnupg' created
gpg: /home/aurbuilder/.gnupg/trustdb.gpg: trustdb created
gpg: key 73D770CDA59047B9: public key "HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

$ sudo -u aurbuilder gpg -k 73D770CDA59047B9
pub   dsa1024 2009-12-15 [SC]
      4ABA2F66DBD5A95894910E0673D770CDA59047B9
uid           [ unknown] HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>
sub   elg2048 2009-12-15 [E]

$ sudo -u aurbuilder rua install hplip-plugin
...
==> Verifying source file signatures with gpg...
    hplip-3.24.4-plugin.run ... FAILED (unknown public key 73D770CDA59047B9)
==> ERROR: One or more PGP signatures could not be verified!

But yay inside sudo works well. It successfully verifies the package:

Verifying source file signatures with gpg...
hplip-3.24.4-plugin.run ... Passed

I can also run gpg manually:

$ sudo -u aurbuilder -i
[aurbuilder] $ gpg --verify hplip-3.24.4-plugin.run.asc
gpg: assuming signed data in 'hplip-3.24.4-plugin.run'
gpg: Signature made Ср 22 мая 2024 04:57:54 UTC
gpg:                using DSA key 4ABA2F66DBD5A95894910E0673D770CDA59047B9
gpg: Good signature from "HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4ABA 2F66 DBD5 A958 9491  0E06 73D7 70CD A590 47B9

I found similar issue in aura: fosskers/aura#606. Is it related?

PS: Without sudo rua works fine. But I don't want deprecated keys with DSA and SHA1 in my keyring.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0