diff --git a/ansible/roles/gpg/templates/gpg-agent.conf.j2 b/ansible/roles/gpg/templates/gpg-agent.conf.j2
index 1679e6d..37c11a9 100644
--- a/ansible/roles/gpg/templates/gpg-agent.conf.j2
+++ b/ansible/roles/gpg/templates/gpg-agent.conf.j2
@@ -4,3 +4,6 @@ use-standard-socket
 default-cache-ttl 600
 max-cache-ttl 7200
 display :0
+{% if install_graphics and os_flavor == "freebsd" %}
+pinentry-program /usr/local/bin/pinentry-qt5
+{% endif %}
diff --git a/ansible/roles/zfs/tasks/linux.yaml b/ansible/roles/zfs/tasks/linux.yaml
index e9fb8b3..3eae95f 100644
--- a/ansible/roles/zfs/tasks/linux.yaml
+++ b/ansible/roles/zfs/tasks/linux.yaml
@@ -4,6 +4,20 @@
       - linux-lts-headers
     state: present
 
+- name: Check trusted gpg keys
+  become_user: "{{ build_user.name }}"
+  command: gpg --list-public-keys --keyid-format LONG
+  register: gpgkeys
+  changed_when: false
+  check_mode: no
+
+- name: Trust ZFS key
+  when: "item not in gpgkeys.stdout"
+  become_user: "{{ build_user.name }}"
+  command: "gpg --recv-key '{{ item }}'"
+  loop:
+    - "0AB9E991C6AF658B"
+
 - name: Build aur packages
   register: buildaur
   become_user: "{{ build_user.name }}"