Package Details: i2p 2.7.0-1

Git Clone URL: https://aur.archlinux.org/i2p.git (read-only, click to copy)
Package Base: i2p
Description: A distributed anonymous network
Upstream URL: https://geti2p.net
Keywords: anonymous censorship encrypted i2p network
Licenses: GPL2
Conflicts: i2p-bin, i2p-dev
Submitter: Mikos
Maintainer: Salama
Last Packager: Salama
Votes: 318
Popularity: 0.59
First Submitted: 2005-09-04 19:46 (UTC)
Last Updated: 2024-10-09 18:13 (UTC)

Dependencies (4)

Sources (9)

Pinned Comments

Salama commented on 2023-04-01 09:18 (UTC) (edited on 2024-06-24 12:01 (UTC) by Salama)

You can download the keys from https://geti2p.net/_static/idk.key.asc and https://geti2p.net/_static/zzz.key.asc then gpg --import

Latest Comments

« First ‹ Previous 1 .. 7 8 9 10 11 12 13 14 15 16 17 .. 27 Next › Last »

skydrome commented on 2015-01-31 22:28 (UTC)

http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux also has a bit more information

skydrome commented on 2015-01-31 22:16 (UTC)

Ok this is getting a little "ubuntuish" if you will. I haven't touched my pgp configuration since zzz changed his signing key a very long time ago yet: ==> Verifying source file signatures with gpg... i2psource_0.9.17.tar.bz2 ... Passed now will everyone experiencing issues with verifying the source please please please make your way to the arch wiki and read about how to trust a key. Zkai has posted the exact two links for you all multiple times. And dont stop there, keep reading the entire wiki.

socrat commented on 2015-01-31 04:04 (UTC)

@zkai As I mentioned earlier I did make public keys and allowed autofetching of keys in addition to adding a keyserver. I still get i2psource_0.9.17.tar.bz2 ... FAILED (the public key 2D3D2D03910C6504C1210C65EE60C0C8EE7256A8 is not trusted) upon trying to add the key manually with gpg --import i2p-sign.key I get gpg: no valid OpenPGP data found. gpg: Total number processed: 0 So as SirSloth mentioned we are trying to find a soulution even if temporary and I already know its a bad practice to disable signchecking,this is my first try at i2p and I just wanted to try it.If the building doesnt work lot of people would be discouraged to try it. If you still think we are doing something wrong please elaborate more than your vague comment which we have read before and tried.Maybe it is missing certain steps,or maybe there is a bug somewhere.

<deleted-account> commented on 2015-01-31 00:54 (UTC)

With all due respect, Zkai, what you posted is not a fix. I would also like to inform you that using your work-around did not work for me, either. It was one of the first things I did before making my comment since I've had to do this before with other files. It will work if I download the I2P tar myself and verify it, but does not work if I let pacman or yaourt download the package, which is how I want to install and manage the program. Please note that we are trying to help the maintainer and other users here, not disrespect our fellow Arche users.

zkai commented on 2015-01-30 13:34 (UTC)

To the maintainer: Thank you. To all the people that have been committing here recently: I am glad you are not the maintainer. I even posted a comment how to install this properly. Yeah, the maintainer probably should put some comments in the pkgbuild file (if that is part of Archlinux's style guide) like something I posted in my previous comment, but the whole point of the sig is that you verify that the source code. The whole point of why you would use I2P is based on security and has a foundation on these basic checks. How do you know the government, your ISP, or someone else hasn't modified the code? You would not that is the point of the sig files. You should not use I2P, you will just make the community look bad. Yet again here is the way that you can keep the sig files and build from verified source code. ============================================================================== If you get a error about unknown public key you will need to either download and manually add the public key manually from a trusted location or follow this tip. Then you will need to sign it to trust it pacman-key --lsign-key <key id> . This is assuming that you have already created local keys. https://wiki.archlinux.org/index.php/GnuPG#Create_key Tip: To allow makepkg to fetch keys as needed from the keyserver automatically, uncomment the option keyserver-options auto-key-retrieve in the ~/.gnupg/gpg.conf configuration file. https://wiki.archlinux.org/index.php/makepkg#Signature_checking

socrat commented on 2015-01-30 12:56 (UTC)

I removed all lines relating to signature checking & downloading of i2psource_0.9.17.tar.bz2.sig and the skip in sh256. and compiled it successfully . Those are 3 lines "${_url}/i2psource_${pkgver}.tar.bz2.sig" from source "http://echelon.i2p/${pkgver}/i2psource_${pkgver}.tar.bz2.sig" from fetch and 'SKIP' from sha256 sums

<deleted-account> commented on 2015-01-30 06:04 (UTC)

I can confirm what Socrat says. The key referenced by the error seems to be for a 0.7 version of I2P. Maybe the PKGBUILD just needs to be tweaked?

socrat commented on 2015-01-29 03:58 (UTC)

Sorry for flagging this ood.You can unflag it again. The problem is only with the signing key. I had to uncomment the option keyserver-options auto-key-retrieve in the ~/.gnupg/gpg.conf and add a keyserver for it to run. However I still have a problem with it since the key couldnt be verified. I also tried getting the key directly issuing the following command $ gpg --recv-keys 0xEE7256A8 but im still encountering this error. gpg: keyserver receive failed: No data Also tried adding the key directly by gpg --import i2p.key Where I copied it directly from i2p website and I was encountered with this gpg: no valid OpenPGP data found. gpg: Total number processed: 0 I hope you could bypass these in the future

« First ‹ Previous 1 .. 7 8 9 10 11 12 13 14 15 16 17 .. 27 Next › Last »