GPG error installing 6.x toolchains with swiftly

Hello All,

There's a bug in the current release of swiftly (v0.3.0 and earlier) that prevents it from installing Swift 6.x toolchains if it was installed before a few weeks ago. This is because the tool doesn't automatically get the latest 6.x signing keys from swift.org, it only refreshes them. When it goes to validate the signature of the download, GPG fails to verify it against a known, trusted key. You might get an error like this:

                             Downloading Swift 6.0.0
100% [=============================================================]
Downloaded 773.3 MiB of 773.3 MiB
Downloading toolchain signature...
Verifying toolchain signature...
gpg: Signature made Mon 16 Sep 2024 04:14:14 PM CDT
gpg:                using RSA key EF80A866B47A981F
gpg: Can't check signature: No public key
Error: Toolchain signature verification failed: Error(message: "gpg exited with non-zero status: 2")

If you run into this problem you can manually import the new 6.x toolchain keys from swift.org like this:

curl --silent --retry 3 --location --fail https://swift.org/keys/all-keys.asc | gpg --import -

This is what the swiftly install bash script does today. So, another way to work around the problem is to install a fresh swiftly on your system.

I aim to be better prepared for new signatures in the upcoming release of swiftly. Meanwhile, I hope that this helps to unblock anyone who is running into this.

Cheers,
Chris

5 Likes