Hi Ludo’, Thanks for updating the topic! :-)
Quoting Ludovic Courtès (2022-04-18 22:24:00) > Tanguy LE CARROUR <tan...@bioneland.org> skribis: > > > $ ./pre-inst-env guix refresh -u gnurl > > > > Starting download of /tmp/guix-file.NqJa4t > > From https://ftpmirror.gnu.org/gnu/gnunet/gnurl-7.72.0.tar.gz... > > following redirection to > > `https://mirrors.ocf.berkeley.edu/gnu/gnunet/gnurl-7.72.0.tar.gz'... > > …2.0.tar.gz 3.3MiB 3.1MiB/s 00:01 [##################] > > 100.0% > > > > Starting download of /tmp/guix-file.VXn0IS > > From https://ftpmirror.gnu.org/gnu/gnunet/gnurl-7.72.0.tar.gz.sig... > > following redirection to > > `https://mirrors.ocf.berkeley.edu/gnu/gnunet/gnurl-7.72.0.tar.gz.sig'... > > …0.tar.gz.sig 833B 654KiB/s 00:00 [##################] > > 100.0% > > gpgv: Signature made Wed 16 Sep 2020 22:30:16 CEST > > gpgv: using RSA key 6115012DEA3026F62A98A556D6B570842F7E7F8D > > gpgv: Can't check signature: No public key > > Would you like to add this key to keyring > > '/home/tanguy/.config/guix/upstream/trustedkeys.kbx'? > > yes > > gpg: keyserver receive failed: No data > > This indicates that ‘guix refresh’ failed to download the relevant GPG > key from the default key server, the one that appears in > ~/.gnupg/dirmngr.conf (if it exists). > > That’s unfortunately often the case these days. :-/ This key appears to > be on keys.openpgp.org, but it lacks a “user ID” packet and so gpg > ignores it (for no good reason): > > --8<---------------cut here---------------start------------->8--- > $ gpg --no-default-keyring --keyring > /home/ludo/.config/guix/upstream/trustedkeys.kbx --keyserver keys.openpgp.org > --recv-keys 6115012DEA3026F62A98A556D6B570842F7E7F8D > gpg: key D6B570842F7E7F8D: no user ID > gpg: Total number processed: 1 > $ gpg --no-default-keyring --keyring > /home/ludo/.config/guix/upstream/trustedkeys.kbx --list-keys > 6115012DEA3026F62A98A556D6B570842F7E7F8D > gpg: error reading key: No public key > --8<---------------cut here---------------end--------------->8--- > > I’m not sure what a good solution is (other than looking for the key > manually on Savannah or on some random key server). Sorry it took me so long to answer! Actually, Nikita answered this question on a thread on GNUnet's mailing list: https://lists.gnu.org/archive/html/gnunet-developers/2022-04/msg00030.html The end of the discussion is off list. The key used to sign the package is deprecated and not to be used any more/any where. The proper solution should come from GNUnet, but maybe, we could bypass the key verification in Guix. Or, I could clone the repo, claim ownership and sign a new package myself. But that doesn't look like a good/fair solution to me! Thoughts?! Regards, -- Tanguy
