Have you checked previous issues?
Yes, this does not appear to be reported yet.
Paru does not attempt to import pgp keys, when multiple AUR packages are being installed. Key check fails automatically, and the package installation is skipped.
Output
Include the FULL output of any relevant commands/configsparu. Full system upgrade, multiple packages available
==> Making package: spotify 1:1.1.72.439-3 (Sat 11 Dec 2021 02:27:08 PM CET)
==> Retrieving sources...
-> Found spotify.protocol
-> Found LICENSE
-> Found spotify-1.1.72.439-x86_64.deb
-> Downloading spotify-1.1.72.439-3-Release...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2447 100 2447 0 0 10930 0 --:--:-- --:--:-- --:--:-- 10924
-> Downloading spotify-1.1.72.439-3-Release.sig...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 6716 0 --:--:-- --:--:-- --:--:-- 6772
-> Downloading spotify-1.1.72.439-3-x86_64-Packages...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1210 100 1210 0 0 12981 0 --:--:-- --:--:-- --:--:-- 13010
==> Validating source files with sha512sums...
spotify.protocol ... Passed
LICENSE ... Passed
spotify-1.1.72.439-x86_64.deb ... Passed
spotify-1.1.72.439-3-Release ... Skipped
spotify-1.1.72.439-3-Release.sig ... Skipped
spotify-1.1.72.439-3-x86_64-Packages ... Skipped
==> Verifying source file signatures with gpg...
spotify-1.1.72.439-3-Release ... FAILED (unknown public key 5E3C45D7B312C643)
==> ERROR: One or more PGP signatures could not be verified!
error: failed to download sources for 'spotify-1:1.1.72.439-3':
Same request, when only one package is available
: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
:: Starting full system upgrade...
there is nothing to do
:: Looking for AUR upgrades
:: Looking for devel upgrades
:: Resolving dependencies...
:: Calculating conflicts...
:: Calculating inner conflicts...
Aur (1) spotify-1:1.1.72.439-3
:: Proceed to review? [Y/n]: y
:: Downloading PKGBUILDs...
PKGBUILDs up to date
nothing new to review
:: keys need to be imported:)
F9A211976ED662F00E59361E5E3C45D7B312C643 wanted by: spotify-1:1.1.72.439-3
:: import? [Y/n]: y
gpg: key 5E3C45D7B312C643: public key "Spotify Public Repository Signing Key <tux@spotify.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
fetching devel info...
==> Making package: spotify 1:1.1.72.439-3 (Sat 11 Dec 2021 02:27:57 PM CET)
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#CleanMethod = KeepInstalled
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
Color
#NoProgressBar
CheckSpace
VerbosePkgLists
ParallelDownloads = 10
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
[multilib]
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
Affected Version
paru -V paru v1.9.2 - libalpm v13.0.1
Description
Have you checked previous issues? Yes, this does not appear to be reported yet. Paru does not attempt to import pgp keys, when multiple AUR packages are being installed. Key check fails automatically, and the package installation is skipped.
Output
Include the FULL output of any relevant commands/configs
paru
. Full system upgrade, multiple packages availableSame request, when only one package is available
Full uncropped output (other packages included) here: https://termbin.com/fdya
Paru config left unedited, in default location.
pacman.conf