This is a short note on an occasional failure that I recently encountered.
After pkgin -y upgrade, I had this
outcome:
pkg_install warnings: 0, errors: 79
pkg_install error log can be found in /var/db/pkgin/pkg_install-err.logInspecting the log, all the errors are like this:
2025-11-23T00:53:57Z [78/78] refreshing npth-1.8...
pkg_add: unable to verify signature: Signature key id e3e6a9c6c8ac9bd0 not foundI won't post about how I failed to find any useful information by search engine or LLM. NetBSD is a minority thing, Pkgsrc users on macOS is also minority.
The root of the cause is the key used to sign the packages get
changed but the pkg_* tools haven't
get updated so the package signature verification fails. This is a
rare occurrence, so you won't find much helpful information
online.
The solution is get to the pkgin
package cache directory, on macOS that is /var/db/pkgin/cache/. Find the pkg_install package there. Unpack it using
tar, you will get two metainfo files
+PKG_HASH, +PKG_GPG_SIGNATURE, and the package tarball.
Verify the package content and checksum for safety, then add the
package tarball with pkg_add.
Then you can proceed to pkgin upgrade
--full.