错误：arch linux无法验证一个或多个PGP签名

我最近改用了基于Arch的发行版本Manjaro。

我从aur arch存储库安装一些软件包时遇到问题

    curl-7.54.0.tar.gz ... Passed
    curl-7.54.0.tar.gz.asc ... Skipped
==> Verifying source file signatures with gpg...
    curl-7.54.0.tar.gz ... FAILED (unknown public key 5CC908FDB71E12C2)
==> ERROR: One or more PGP signatures could not be verified!

我需要怎么做才能解决此问题？

一旦有了本地gpg密钥对，就可以将未知密钥导入本地用户密钥集。就我而言，密钥5CC908FDB71E12C2需要按以下方式导入。

$ gpg --recv-keys 5CC908FDB71E12C2
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: key 5CC908FDB71E12C2: 8 signatures not checked due to missing keys
gpg: /home/aaron/.gnupg/trustdb.gpg: trustdb created
gpg: key 5CC908FDB71E12C2: public key "Daniel Stenberg <daniel@haxx.se>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

--recv-keys密钥ID：从密钥服务器导入具有给定密钥ID的密钥。

如果以上操作失败，则可能需要生成本地gpg密钥库/数据库。

由于上面的步骤现在为您创建了本地密钥数据库，因此以下步骤可能不再需要。这取决于您的发行版，gpg版本和配置。

如果您还没有gpg本地用户的密钥数据库。

gpg --generate-key 

要么

gpg --full-gen-key 

文档怎么说。

   --generate-key
   --gen-key
          Generate  a  new key pair using the current default parameters.  This is the standard command to create a new key.  In addition to the key a revocation certificate is created and stored in the
          ‘openpgp-revocs.d’ directory below the GnuPG home directory.

   --full-generate-key
   --full-gen-key
          Generate a new key pair with dialogs for all options.  This is an extended version of --generate-key.

          There is also a feature which allows you to create keys in batch mode. See the manual section ``Unattended key generation'' on how to use this.