Well, the --skipgpgcheck failed for me, so I found a solution for adding the PGP key manually in the German Manjaro forum: https://de.manjaro.org/index.php?topic=4112.0 (The post is about a year old but it still worked for me)
You should copy the content of the key from http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x702353E0F7E48EDB (starting with the "-----BEGIN" part, of course) into a file and then run: gpg --import <filename>
(and check that it's there with gpg --list-keys)
After that you should be able to install the package as usual (e.g. from the package manager). I have successfuly tried it in Manjaro
Search Criteria
Package Details: ncurses5-compat-libs 6.5-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/ncurses5-compat-libs.git (read-only, click to copy) |
|---|---|
| Package Base: | ncurses5-compat-libs |
| Description: | System V Release 4.0 curses emulation library, ABI 5 |
| Upstream URL: | http://invisible-island.net/ncurses/ncurses.html |
| Licenses: | MIT |
| Conflicts: | libtinfo5 |
| Provides: | libtinfo5 |
| Submitter: | Barthalion |
| Maintainer: | micwoj92 |
| Last Packager: | micwoj92 |
| Votes: | 590 |
| Popularity: | 2.15 |
| First Submitted: | 2015-09-18 21:03 (UTC) |
| Last Updated: | 2024-07-16 20:06 (UTC) |
Dependencies (3)
- gcc-libs (gcc-libs-gitAUR, gccrs-libs-gitAUR, gcc11-libsAUR, gcc-libs-snapshotAUR)
- glibc (glibc-gitAUR, glibc-linux4AUR, glibc-eacAUR, glibc-eac-binAUR, glibc-eac-rocoAUR)
- sh (dashbinshAUR, bash-devel-static-gitAUR, zshbinshAUR, bash-devel-gitAUR, busybox-coreutilsAUR, bash-gitAUR, bash)
Required by (116)
- adom
- agbplay
- android-devel
- android-emulator-canary
- android-ndk (optional)
- android-ndk-10e
- android-ndk-11c
- android-ndk-14b
- android-ndk-16b
- android-ndk-16b-opt
- android-ndk-25 (optional)
- android-ndk-26 (optional)
- android-ndk-beta (optional)
- android-ndk-r17c
- android-ndk-r18b
- android-sdk-build-tools-25
- android-sdk-build-tools-25.0.1
- android-sdk-build-tools-25.0.3
- android-studio (optional)
- android-studio-beta (optional)
- android-studio-dummy (optional)
- android-studio-for-platform (optional)
- android-studio-system (optional)
- aosp-devel
- c0
- c0-bin
- ccstheia
- ccstudio
- checkra1n-gui
- computecpp
- couchbase4-server-community
- cowdancer
- cubrid
- cydia-impactor
- fbc-git (make)
- fdr (requires libtinfo5)
- frozendepths
- ftop
- futhark-bin
- galfit
- genode-toolchain-bin
- ghc7.10-bin
- ghc7.4-bin
- ghc7.6-bin
- ghc7.8-bin
- ghc8.0-bin
- ghc8.2-bin
- ghc8.4-bin
- ghc8.6-bin
- ghc8.8-bin
- ghcup-hs-bin (optional)
- ghcup-hs-static-git (optional)
- hamler-bin
- hledger-bin
- hledger-ui-bin
- hledger-web-bin
- hpltt
- infer-bin
- kotlin-native
- kotlin-native-git
- lexmark-08z
- libdecsync (make)
- linkserver
- linpac-git
- llvm-rc-bin
- local-by-flywheel-bin
- mangband
- matterhorn-bin
- maxx-desktop
- maya
- megacli
- mun-bin
- nodejs-elm (optional)
- nodejs-spago
- omega
- orca-c-git
- pact
- passmark-performancetest-bin
- pem-heart-signature
- petalinux
- plecs-blockset
- plecs-standalone
- poplog
- poplog-git
- prospector
- purescript-bin
- python-nbstata
- python-taichi
- quartus-free-quartus
- quartus-free-questa
- rpcs3-bin
- savage2
- saw-script
- scilab-bin
- simplicitystudio5-bin
- stack-static (optional)
- stata
- stm32cubeide
- sunloginclient-cli
- swift-bin-development
- taskell-bin
- tnt-bio
- tnt-extra
- tnt-gui
- tnt-mpi
- truestudio
- txm-bin
- vitis
- vivado
- vmware-workstation11
- vmware-workstation12
- vmware-workstation14
- wake-git
- xilinx-ise
- xplor-nih
- yt-bin
Sources (2)
spc90 commented on 2016-10-10 00:02 (UTC) (edited on 2016-10-10 00:03 (UTC) by spc90)
sanduo commented on 2016-10-09 02:59 (UTC)
I tried sudo gpg --keyserver pgp.mit.edu --recv-keys 702353E0F7E48EDB
but it didn't work
result show:
gpg: key 702353E0F7E48EDB: "Thomas Dickey <dickey@invisible-island.net>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
daddyodevil commented on 2016-09-28 12:41 (UTC) (edited on 2016-09-28 12:42 (UTC) by daddyodevil)
Tried
gpg --keyserver pgp.mit.edu --recv-keys 702353E0F7E48EDB
Didn't work, was still giving verify package at makepkg. But this was working even yesterday, did it a few times for a MATLAB install in a few Manjaro machines. Don't know why it did't work in my Arch. Did it with makepkg --skippgpcheck.
Maybe this is new because of this
http://web.mit.edu/network/pgp.html
WoefulDerelict commented on 2016-08-23 15:28 (UTC)
It should not be necessary to specify --keyserver if you have properly configured GnuPG. Please see the wiki article and check ~/.gnupg/gpg.conf to see that everything is set up before attempting to use GnuPG and you will find it much less problematic. Your gpg.conf should contain at least one keyserver entry pointing to a keyserver you can reach reliably. If you find this process troublesome I strongly suggest adding auto-key-retrieve to the keyserver-options in your gpg.conf and saving yourself the headache in the future or using --skippgpcheck.
nolche commented on 2016-08-23 02:04 (UTC)
This worked for me too:
gpg --keyserver pgp.mit.edu --recv-keys 702353E0F7E48EDB
eduardolucioac commented on 2016-08-16 20:33 (UTC)
The PGP "C52048C0C0748FEE227D47A2702353E0F7E48EDB" no longer works (not accessible). See http://web.mit.edu/network/pgp.html link for more details. The solution is to use "--skippgpcheck" on the command "yaourt --m-arg "--skippgpcheck" -Sb ncurses5-compat-libs" that bypasses the PGP verification.
defstryker commented on 2016-08-08 23:10 (UTC)
Building up on what I read below, this worked for me.
gpg --keyserver pgp.mit.edu --recv-keys 702353E0F7E48EDB
dschrempf commented on 2016-08-01 08:37 (UTC)
I also ahve this problem.
I could not do
gpg --verify ncurses-6.0.tar.gz.sig
as suggested by fsimon because there is no public key.
I also could not import the key with
gpg --recv-keys F7E48EDB
because the key server is not available.
fsimon commented on 2016-07-31 12:21 (UTC)
I had the same problem. In my case trustdb was corrupt which was indicated when attempting to verify the signature with gpg:
gpg --verify ncurses-6.0.tar.gz.sig
Following the instructions from gpg output and importing the key again resolved the problem for me.
Pinned Comments
WoefulDerelict commented on 2016-05-23 19:35 (UTC) (edited on 2018-08-18 20:22 (UTC) by WoefulDerelict)
This PKGBUILD verifies the authenticity of the source via PGP signatures which are not part of the Arch Linux keyring. In order to complete the process it is necessary to import the key(s) from the ‘validpgpkeys’ array into the user’s keyring before calling makepkg. There is a helpful article explaining this process by one of Arch Linux's developers located here: http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/
Instructions on importing keys from a keyserver and how to automate the retrieval process can be found in the Arch Linux wiki here: https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver This article also contains helpful information describing the installation of GnuPG, its configuration and usage.
Execute the following to import keys using gpg:
gpg --recv-keys <KEYID - See 'validpgpkeys' array in PKGBUILD>The PGP signature check can be skipped by passing --skippgpcheck to makepkg.
Consult the makepkg manual page for a full list of options. [https://www.archlinux.org/pacman/makepkg.8.html]