ArchLinux: Palemoon Installation Fails with “Unknown public key error”

Palemoon has been recently adopted by a new developer, who is not part of the official ArchDev team, resulting into an “unknown public key error” and refusing to install. Here is how to deal with it…

Introduction

Installation of aur/palemoon-bin went wrong due to an unknown public key error:

$ yaourt -S palemoon-bin
<OUTPUT-OMITTED>
==> Validating source files with sha256sums...
    palemoon.desktop ... Passed
==> Validating source_x86_64 files with sha256sums...
    palemoon-27.4.0.en-US.linux-x86_64.tar.bz2 ... Passed
    palemoon-27.4.0.en-US.linux-x86_64.tar.bz2.sig ... Skipped
==> Verifying source file signatures with gpg...
    palemoon-27.4.0.en-US.linux-x86_64.tar.bz2 ... FAILED (unknown public key 865E6C87C65285EC)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build palemoon-bin.
==> Restart building palemoon-bin ? [y/N]
==> -------------------------------------
==> n
==> ERROR: unable to update

The problem is that the package was signed by a non-Arch developer. Therefore, the GPG key is unknown to the system.

Solution

As an unprivileged (non-root) user, the following command can be executed in order to verify the key:

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --search-keys 865E6C87C65285EC
gpg: data source: https://18.9.60.141:443
(1)	trava90 
	  2048 bit RSA key 865E6C87C65285EC, created: 2015-03-15
Keys 1-1 of 1 for "865E6C87C65285EC".  Enter number(s), N)ext, or Q)uit > n

Import of the GnuPG key into (unprivileged) user’s database:

$ gpg --recv-keys 865E6C87C65285EC
gpg: key 865E6C87C65285EC: public key "trava90 " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Verification

Now, the installation works as expected:

$ yaourt -S palemoon-bin
<OUTPUT-OMITTED>
==> Validating source files with sha256sums...
    palemoon.desktop ... Passed
==> Validating source_x86_64 files with sha256sums...
    palemoon-27.4.0.en-US.linux-x86_64.tar.bz2 ... Passed
    palemoon-27.4.0.en-US.linux-x86_64.tar.bz2.sig ... Skipped
==> Verifying source file signatures with gpg...
    palemoon-27.4.0.en-US.linux-x86_64.tar.bz2 ... Passed
<OUTPUT-OMITTED>

As simple as that.

References

More info available on official wiki pages of ArchLinux:

Advertisements
This entry was posted in Browser, Linux and tagged , , , , , . Bookmark the permalink.