Git: install inside MSYS2: signature from "Johannes Schindelin <...>" is unknown trust

Yes, there is something wrong.

The required keyring is in git-for-windows-keyring (which you can download manually here: https://bintray.com/git-for-windows/pacman/git-for-windows-keyring), and that package is a dependency of git-extra, which is installed implicitly in Git for Windows' SDK.

You probably set up a custom system based on MSYS2 but not using Git for Windows' SDK, and you simply missed that git-extra has to be installed (and re-installed after certain packages are upgraded, such as filesystem and pacman).

Thank you for the answer, I am new to pacman. It worked after running the following script:

wget https://raw.githubusercontent.com/git-for-windows/build-extra/master/git-for-windows-keyring/git-for-windows.gpg

pacman-key --add ./git-for-windows.gpg
pacman-key --list-keys
pacman-key --lsign-key 1A9F3986

rm ./git-for-windows.gpg

Side question (probably related to pacman) : is it the expected behavior for the install not to use symbolic links (binaries are duplicated in git-core) despite them bieng enabled (export MSYS=winsymlinks:nativestrict) and working correctly using ln -s command?

wget https://raw.githubusercontent.com/git-for-windows/build-extra/master/git-for-windows-keyring/git-for-windows.gpg pacman-key --add ./git-for-windows.gpg pacman-key --list-keys pacman-key --lsign-key 1A9F3986 rm ./git-for-windows.gpg

That's a good find!

I think the following also works (and avoids a temporary file):

curl -L https://raw.githubusercontent.com/git-for-windows/build-extra/master/git-for-windows-keyring/git-for-windows.gpg |
pacman-key --add - &&
pacman-key --lsign-key 1A9F3986

Side question (probably related to pacman) : is it the expected behavior for the install not to use symbolic links (binaries are duplicated in git-core) despite them bieng enabled (export MSYS=winsymlinks:nativestrict) and working correctly using ln -s command?

The MSYS environment variable is an environment variable, hence possibly transient. As such, yes, I think this is expected. It is an inherited feature of MSYS2, though, so I am not quite certain that my interpretation is correct.

This problem is still happening when following this guide - https://github.com/git-for-windows/git/wiki/Install-inside-MSYS2-proper
I solved it by using the command from above:
curl -L https://raw.githubusercontent.com/git-for-windows/build-extra/master/git-for-windows-keyring/git-for-windows.gpg | pacman-key --add - && pacman-key --lsign-key 1A9F3986

I also had issues during fetching and pulling, like:

/d/dev/lib/Catch
$ git fetch --all
Fetching origin
fatal: unable to access 'https://github.com/philsquared/Catch.git/': error setting certificate verify locations:
CAfile: D:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
CApath: none
error: Could not fetch origin

I guess it was because of a remaning configuration from previous Git for Windows installation.
I solved it with:
git config --system http.sslcainfo /mingw64/ssl/certs/ca-bundle.crt

I updated the wikipage and added this step.

I updated the wikipage and added this step.

Please note that it is the responsibility of git-extra's post-install script to initialize Git's system config: https://github.com/git-for-windows/build-extra/blob/c7f09a1088eb455dd9d6db196fddc0c9119efdcc/git-extra/git-extra.install#L21-L22

The guide doesn't mention git-extra, so it would be a good move to add it there.

it would be a good move to add it there.

It would also be good to help the project by lessening the load on the maintainer.

Understood ;-). I will try to prepare a pull request.

It turns out a pull request is not required to edit the wiki. I added git-extra and also changed commands to use pacboy instead of pacman - no more need to write mingw-w64-x86_64- before every 64-bit package and the parameters are easier to understand and remember.

----- Original Message -----
From: Arkadiusz Piekarz
To: git-for-windows/git
Cc: Subscribed
Sent: Monday, October 09, 2017 8:35 PM
Subject: Re: [git-for-windows/git] install inside MSYS2: signature from "Johannes Schindelin <...>" is unknown trust (#1238)

It turns out a pull request is not required to edit the wiki. I added git-extra and also changed commands to use pacboy instead of pacman - no more need to write mingw-w64-x86_64- before every package and the parameters are easier to understand and remember.

What is 'pacboy' - Is there a bigger reference for this?

--
Philip

It's installed by default in Msys2. It was designed to wrap pacman commands into short human readable form and also to ease working with 32/64-bit package names and different repositories.
It originated here: https://github.com/renatosilva/pactoys
Quoting its help:

Pacboy 2016.6.24
Copyright (C) 2015, 2016 Renato Silva
Licensed under BSD

This is a pacman wrapper for MSYS2 which handles the package prefixes
automatically, and provides human-friendly commands for common tasks.

Usage:
    pacboy [command] [arguments]
    Arguments will be passed to pacman or pkgfile after translation:

    For 64-bit MSYS2, name:i means i686-only
    For 64-bit MSYS2, name:x means x86_64-only
    For MSYS shell, name:m means mingw-w64
    For all shells, name: disables any translation for name
    For all shells, repository::name means repository/name

Commands:
    sync        Shorthand for --sync or --upgrade
    update      Shorthand for --sync --refresh --sysupgrade
    refresh     Shorthand for --sync --refresh
    find        Shorthand for --sync --search
    packages    Shorthand for --sync --list
    files       Shorthand for --query --list [--file]
    info        Shorthand for --query --info [--file]
    origin      Shorthand for --query --owns or pkgfile
    remove      Shorthand for --remove --recursive
    debug       Verbose output for the above commands

It seems that pacboy is indeed installed in Git for Windows' SDK by default: https://github.com/git-for-windows/git-sdk-64/blob/master/usr/bin/pacboy