惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Application and Cybersecurity Blog
Application and Cybersecurity Blog
A
About on SuperTechFans
S
SegmentFault 最新的问题
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Help Net Security
Help Net Security
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
O
OpenAI News
美团技术团队
月光博客
月光博客
Apple Machine Learning Research
Apple Machine Learning Research
Schneier on Security
Schneier on Security
Webroot Blog
Webroot Blog
Cyberwarzone
Cyberwarzone
Hacker News - Newest:
Hacker News - Newest: "LLM"
Google Online Security Blog
Google Online Security Blog
T
Tenable Blog
S
Security Affairs
博客园_首页
S
Schneier on Security
Security Latest
Security Latest
T
Threat Research - Cisco Blogs
T
Tailwind CSS Blog
大猫的无限游戏
大猫的无限游戏
Spread Privacy
Spread Privacy
量子位
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
K
Kaspersky official blog
Hugging Face - Blog
Hugging Face - Blog
TaoSecurity Blog
TaoSecurity Blog
博客园 - 聂微东
Vercel News
Vercel News
M
MIT News - Artificial intelligence
T
Troy Hunt's Blog
B
Blog
MongoDB | Blog
MongoDB | Blog
Martin Fowler
Martin Fowler
Attack and Defense Labs
Attack and Defense Labs
L
LINUX DO - 最新话题
D
DataBreaches.Net
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Stack Overflow Blog
Stack Overflow Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
博客园 - Franky
W
WeLiveSecurity
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
F
Fortinet All Blogs
www.infosecurity-magazine.com
www.infosecurity-magazine.com
C
Check Point Blog
H
Hacker News: Front Page

John Bokma's Hacking and Hiking

Aquamacs 3.6 Hangs When Saving An Encrypted File PAR trouble How To Create a Bootable LibreELEC Installation using Mac OS Running pdflatex Using the Alpine Pandoc LaTeX Docker Image A Docker Image for Sass Timezones in Alpine Docker Containers A Tale of Three Docker Images Debugging a Perl Docker container Perl Time::Piece Unicode Issue Giving Docker Desktop for macOS a Second Chance Flashing another TP-Link TL-WDR4300 with OpenWrt firmware Rehousing two tarantulas Getting started with the Perl version of tumblelog on Ubuntu 18.04 LTS A visit to Avonturia De Vogelkelder Flashing a TP-Link TL-WDR4300 with OpenWrt firmware Mounting a VDI File in a Different VirtualBox Guest Wireless Headless Raspberry Pi - John Bokma A Matter of Time - John Bokma Hand coding an RSS 2.0 feed in Python RFC #822 and RFC #3339 dates in Perl RFC #822 and RFC #3339 dates in Python Hand coding an RSS 2.0 feed in Perl Nav Element with no Heading Rewriting CommonMark Nodes in Perl "right" this time
Failed to verify signature archive-contents.sig in Emacs
John Bokma · 2025-11-15 · via John Bokma's Hacking and Hiking

November 14, 2025

In the evening, when I wanted to look at color themes for Aquamacs, an Emacs for macOS, I was greeted with the following error message (reformatted for clarity) after I did a M-x package-refresh-contents:

Failed to verify signature archive-contents.sig:
No public key for 645357D2883A0966 created at 2025-11-14T11:05:15+0100
using (unknown algorithm 22)
Command output:
gpg: Signature made Fri Nov 14 11:05:15 2025 CET
gpg:                using EDDSA key 0327BE68D64D9A1A66859F15645357D2883A0966
gpg: Can't check signature: No public key

I was able to fix this using the by disabling signature checking, refreshing the package list, installing gnu-elpa-keyring-update, and finally setting signature checking back to its default value as follows:

M-: (setq package-check-signature nil) RET
M-x package-refresh-contents
M-x package-install RET gnu-elpa-keyring-update RET
M-: (setq package-check-signature 'allow-unsigned) RET

It turned out that there where 5 packages that could be upgraded. So I pressed ⇧U to select them all followed by M-x occur RET ^I RET. This showed the five packages ready to be upgraded. I used X to install the five packages. However, this resulted in yet another error (reformatted for clarity) after installing two packages successfully:

Failed to verify signature let-alist-1.0.6.tar.sig:
Good signature from 645357D2883A0966 GNU ELPA Signing Agent (2023)
<elpasign@elpa.gnu.org> (trust undefined) created at 2024-03-31T11:35:04+0200
using (unknown algorithm 22)
Signature made by expired key 066DAFCB81E42C40 GNU ELPA Signing Agent (2019)
<elpasign@elpa.gnu.org>
Command output:
gpg: Signature made Sun Mar 31 11:35:04 2024 CEST
gpg:                using RSA key C433554766D3DDC64221BFAA066DAFCB81E42C40
gpg: Good signature from "GNU ELPA Signing Agent (2019)
 <elpasign@elpa.gnu.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: C433 5547 66D3 DDC6 4221  BFAA 066D AFCB 81E4 2C40
gpg: Signature made Sun Mar 31 11:35:04 2024 CEST
gpg:                using EDDSA key 0327BE68D64D9A1A66859F15645357D2883A0966
gpg: Good signature from "GNU ELPA Signing Agent (2023) <elpasign@elpa.gnu.org>"
[unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: AC49 B8A5 FDED 6931 F40E  E78B F993 C037 86DE 7ECA
     Subkey fingerprint: 0327 BE68 D64D 9A1A 6685  9F15 6453 57D2 883A 0966

The culprit was let-alist so I decided to not upgrade that package until I have figured out how to fix the above issue. I did this by pressing ⇧U again and removing the mark from let-alist by pressing U on the line for let-alist. After this X did an upgrade of the two other remaining packages.

Because it was already late when I was done with testing and blogging about it I decided to check out the themes on a different day.

Related