Closed gkrivdyuk closed 6 years ago
Problem with the key validation
Thanks for the report. sudo's maintainer indeed changed the signature file and signed it with the new key documented in https://www.sudo.ws/download.html. I have updated the PKGBUILD accordingly, in https://github.com/archlinuxhardened/selinux/commit/0e6bdb23562012de9bf79440de3c1052ac36f095 and https://aur.archlinux.org/cgit/aur.git/commit/?h=sudo-selinux&id=0e6bdb23562012de9bf79440de3c1052ac36f095 .
Checking buildtime dependencies... ==> Retrieving sources... -> Found sudo-1.8.21p2.tar.gz -> Found sudo-1.8.21p2.tar.gz.sig -> Found sudo.pam ==> Validating source files with sha256sums... sudo-1.8.21p2.tar.gz ... Passed sudo-1.8.21p2.tar.gz.sig ... Skipped sudo.pam ... Passed ==> Verifying source file signatures with gpg... sudo-1.8.21p2.tar.gz ... FAILED (invalid public key 59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB) ==> ERROR: One or more PGP signatures could not be verified! [ blackarch selinux ]$