Kwpolska / pkgbuilder

An AUR helper (and library) in Python 3.
http://pkgbuilder.rtfd.org/
BSD 3-Clause "New" or "Revised" License

FR: AUR packages with GPG signatures #33

Closed notnotrandom closed 9 years ago

notnotrandom commented 9 years ago

As explained by Allan McRae here, when installing AUR packages which come with a GPG signature, if the user is to avoid importing and locally signing all the relevant GPG keys (from the package developers), then something like validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF') has to be added to the PKGBUILD.

Currently, if a package has a GPG sig (e.g. tor-browser-en), makepkg will fail to verify the signature, and thus pkgbuilder will fail to build the package. Could it be possible (and what level of effort would be required) to add a prompt that allows the user to confirm if a GPG key with the fingerprint in the PKGBUILD is to be regarded as trusted? (And if the answer is 'yes', to add the validpgpkeys=... line to the PKGBUILD on the fly).

notnotrandom commented 9 years ago

Please disregard this, I was totally missing the point...
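
Added example (not part of the issue thread and not pkgbuilder's code): a helper can read the validpgpkeys array out of a PKGBUILD as plain text and show the pinned fingerprints to the user before building, without modifying the file. The sample PKGBUILD and the function name `pinned_keys` are constructed for illustration; the 40-hex-digit uppercase check follows the PKGBUILD(5) rule that only full fingerprints are accepted.

```python
import re

# Constructed sample PKGBUILD. The first fingerprint is the one quoted in the
# issue; the second entry is a deliberately malformed short key ID.
SAMPLE_PKGBUILD = '''\
pkgname=example-pkg
pkgver=1.0
source=("https://example.org/example-$pkgver.tar.xz"{,.asc})
validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF'  # upstream release key
              '0x6C2A4AFF')
'''

# Matches the whole array, including multi-line forms.
ARRAY_RE = re.compile(r'^validpgpkeys=\((.*?)\)', re.MULTILINE | re.DOTALL)
# A full fingerprint: exactly 40 uppercase hex digits, no whitespace.
FULL_FPR_RE = re.compile(r'[0-9A-F]{40}')


def pinned_keys(pkgbuild_text):
    """Return (valid, rejected) entries of the validpgpkeys array.

    This is a static text parse: the PKGBUILD is never sourced or executed,
    so an untrusted file cannot run code while it is being inspected.
    """
    match = ARRAY_RE.search(pkgbuild_text)
    if match is None:
        return [], []
    body = re.sub(r'#.*', '', match.group(1))  # drop shell comments
    entries = [e.strip('\'"') for e in body.split()]
    valid = [e for e in entries if FULL_FPR_RE.fullmatch(e)]
    rejected = [e for e in entries if not FULL_FPR_RE.fullmatch(e)]
    return valid, rejected


if __name__ == '__main__':
    valid, rejected = pinned_keys(SAMPLE_PKGBUILD)
    for fpr in valid:
        print('pinned signing key:', fpr)
    for bad in rejected:
        print('not a full fingerprint, ignored:', bad)
```
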