cygport and gpg

Brian Dessent
Sat Dec 6 17:20:00 GMT 2008

Ken Brown wrote:

> I don't use gpg, but a look at the documentation suggests that I'm
> supposed to import a public key.  Should the key have been included with
> the source package?  I didn't see it there.

No, keys are available from keyservers.  You ought to be able to import
it automatically with "gpg --search-keys 671B682D".  If that doesn't
work then you might need to configure a keyserver but I'm pretty sure
gpg ships with a default one preset.

It appears that in recent versions (0.9.1 and on) of cygport, failure to
verify has been made informational and not fatal.  But trunk versions of
cygport are for cygwin 1.7 only so it looks like 1.5 will only ever see

Anyway, it's just a script.  You can edit the line in __gpg_verify where
it invokes gpg --verify to add "|| true" on the end if you can't import
the key.  Or you can just remove the .sig file, or rename it to some
other extension so it's not seen.

> A google search turned up a similar gpg error message in
> , but that
> post never got a response.

In that message the failure to verify was just informational (using
0.9.x), the actual problem that caused the build to fail was the
inability for rsync to copy the source tree successfully.  So,


Unsubscribe info:
Problem reports:

More information about the Cygwin mailing list