linux-app
linux-app copied to clipboard
Cannot import PGP keys for the Arch AUR package
When attempting to install the https://aur.archlinux.org/packages/protonvpn-gui/ package via yay
I see the following issue:
:: PGP keys need importing:
-> A884 41BD 4864 F95B EE08 E63A 71EB 4740 1994 0E11, required by: python-proton-client python-protonvpn-nm-lib protonvpn-gui
==> Import? [Y/n]
:: Importing keys with gpg...
gpg: keyserver receive failed: No name
problem importing keys
Hey @Thalley
This is mentioned on our support page: https://protonvpn.com/support/official-linux-client-arch/ (check the Notes)
Hey @Thalley
This is mentioned on our support page: https://protonvpn.com/support/official-linux-client-arch/ (check the Notes)
Hi @calexandru2018 I've followed the steps. The issue I encountered was that the I would get the above if I tried to import it via yay
. When I did a manual import and declined the input choice in yay
it worked.
I would argue that this issue should be kept open, because automatic import of the keys should be possible.
I'm not sure that I fully understood what you meant here:
The issue I encountered was that the I would get the above if I tried to import it via yay. When I did a manual import and declined the input choice in yay it worked.
Could you please explain with a bit more of detail ?
@calexandru2018 If I try to install protonvpn-gui via yay
and press Y
when yay
asks for import (==> Import? [Y/n]
), it still fails with the above error. Only if I press n
and use the manually imported keys it works.
yay
should be able to import the keys and use those.
I see. Well correct, yay should do that but the the problem is that our keys are officially available on our webpage/kb and also here: https://keys.openpgp.org/search?q=opensource%40proton.me (which certain distros point at)
Given that packages are installed from AUR, unless users have configured a specific keyserver that they trust, keys should be installed manually for security measures.
I see. Well correct, yay should do that but the the problem is that our keys are officially available on our webpage/kb and also here: https://keys.openpgp.org/search?q=opensource%40proton.me (which certain distros point at)
Given that packages are installed from AUR, unless users have configured a specific keyserver that they trust, keys should be installed manually for security measures.
So it is by design? I guess that somewhat makes sense - It's just uncommon to handle keys manually when installing AUR packages.
If this is indeed by design, and there's no plans to change that, I guess this issue can be closed, but perhaps with a link from https://aur.archlinux.org/packages/protonvpn-gui/ to this issue as many of the comments are related to this.
@Thalley to clarify:
- Each distro often comes preconfigured with certain keyservers
- Each keyserver contains gpg keys which literally anyone can upload
- Given the quantity of keyservers, it can get hard to track where all key are stored or who uploaded them
- At this point, we provide two solutions:
- If your machine is pointing to keys.opengpg.org, then the key can be automatically fetched *
- Else you can follow our instructions: https://protonvpn.com/support/official-linux-client-arch/
- And the only reason we have it there in the first place was because someone had uploaded a different gpg key with our information.
And this is specific to AUR, because as soon as you start installing software from the official Arch/Manjaro repos you usually don't have to worry about it, as you install pre-packages binaries.