Ken Brown wrote: > I don't use gpg, but a look at the documentation suggests that I'm > supposed to import a public key. Should the key have been included with > the source package? I didn't see it there.
No, keys are available from keyservers. You ought to be able to import it automatically with "gpg --search-keys 671B682D". If that doesn't work then you might need to configure a keyserver but I'm pretty sure gpg ships with a default one preset. It appears that in recent versions (0.9.1 and on) of cygport, failure to verify has been made informational and not fatal. But trunk versions of cygport are for cygwin 1.7 only so it looks like 1.5 will only ever see 0.4.x. Anyway, it's just a script. You can edit the line in __gpg_verify where it invokes gpg --verify to add "|| true" on the end if you can't import the key. Or you can just remove the .sig file, or rename it to some other extension so it's not seen. > A google search turned up a similar gpg error message in > http://www.cygwin.com/ml/cygwin-apps/2008-10/msg00075.html , but that > post never got a response. In that message the failure to verify was just informational (using 0.9.x), the actual problem that caused the build to fail was the inability for rsync to copy the source tree successfully. So, unrelated. Brian -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/