==> Verifying source file signatures with gpg...
spotify-1.2.26.1187-1-Release ... %s is unable to verify the signature.
gpg
==> ERROR: One or more PGP signatures could not be verified!
I cant find this mystical "local gpg key pair" they are talking about.
I set up some sort of GPG key (I think) after trying to follow a tutorial but no luck.
Any help?
So doing just a little bit of digging I was able to find the following answer on a different thread, which recommends simply importing the necessary PGP keys for the given software using the gpg command (man-page, arch-wiki)
Since you didn't provide the command you entered to get the error output, I'm not sure which spotify client you were attempting to download (spotify-launcher/extra, spotify (AUR), etc).
Assuming you were going for the AUR package, gromit posted a comment on the package page about how to import the GPG key. I'm not too familiar with actually importing these keys, so I couldn't tell you if gromit's command will do all the work for you, or if you still need to manually install it afterwards using the method on the superuser thread, but I'd guess the command likely works all on its own. Keep in mind what he added at the end about the keys changing often.
If you're trying to download a client other than the AUR version, you'll have to find some other way of obtaining the relevant pgp key, then importing it using the first method listed.
