This is a short note on a occasion failure that I recently encountered.
After pkgin -y upgrade, I had this
outcome:
pkg_install warnings: 0, errors: 79
pkg_install error log can be found in /var/db/pkgin/pkg_install-err.logInspecting the log, all the errors are like this:
2025-11-23T00:53:57Z [78/78] refreshing npth-1.8...
pkg_add: unable to verify signature: Signature key id e3e6a9c6c8ac9bd0 not foundI won't post about how I failed to find any useful information by search engine or LLM. NetBSD is a minority thing, Pkgsrc users on macOS is also minority.
The root of the cause is the key used to sign the packages get
changed but the pkg_* tools haven't
get updated so the package signature verification fails. This is an
occasion thing to encounter, so you won't find much helpful
information online.
The solution is get to the pkgin
package cache directory, on macOS that is /var/db/pkgin/cache/. Find the pkg_install package there. Unpack it using
tar, you will get two metainfo files
+PKG_HASH, +PKG_GPG_SIGNATURE, and the package tarball.
Verify the package content and checksum for safety, then add the
package tarball with pkg_add.
Then you can proceed to pkgin upgrade
--full.