Open vehlwn opened 2 months ago
I managed to workaround it with GNUPGHOME
variable:
$ mkdir ~/.rua-gnupg
$ chmod 700 ~/.rua-gnupg
$ GNUPGHOME=~/.rua-gnupg gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4ABA2F66DBD5A95894910E0673D770CDA59047B9
gpg: key 73D770CDA59047B9: public key "HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
$ GNUPGHOME=~/.rua-gnupg gpg -k
/home/vehlwn/.rua-gnupg/pubring.kbx
--------------------------------
pub dsa1024 2009-12-15 [SC]
4ABA2F66DBD5A95894910E0673D770CDA59047B9
uid [ unknown] HPLIP (HP Linux Imaging and Printing) <hplip@hp.com>
sub elg2048 2009-12-15 [E]
$ GNUPGHOME=~/.rua-gnupg rua install hplip-plugin
...
==> Verifying source file signatures with gpg...
hplip-3.24.4-plugin.run ... Passed
...
rua 0.19.10
I want to create a separate user for rua because I don't want it clutter my home gpg keyring, but now I cannot install aur packages requiring gpg source verification (e.g. hplip-plugin). It says
even if I import the key manually:
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4ABA2F66DBD5A95894910E0673D770CDA59047B9
Example:
But yay inside sudo works well. It successfully verifies the package:
I can also run gpg manually:
I found similar issue in aura: https://github.com/fosskers/aura/issues/606. Is it related?
PS: Without sudo rua works fine. But I don't want deprecated keys with DSA and SHA1 in my keyring.