AUR (en) - binance

Search Criteria

Enter search criteria

Search by

Keywords

Out of Date

Sort by

Sort order

Per page

Package Details: binance 1.47.0-1

Package Actions

Git Clone URL:	https://aur.archlinux.org/binance.git (read-only, click to copy)
Package Base:	binance
Description:	The Binance desktop application
Upstream URL:	https://www.binance.com/en/download
Keywords:	binance crypto electron
Licenses:	unknown
Submitter:	strahe
Maintainer:	strahe (metaanon, tyjak)
Last Packager:	metaanon
Votes:	35
Popularity:	0.39
First Submitted:	2020-09-10 08:20 (UTC)
Last Updated:	2023-09-25 15:44 (UTC)

Dependencies (2)

coreutils (coreutils-git^AUR, busybox-coreutils^AUR, coreutils-hybrid-git^AUR, coreutils-selinux^AUR, coreutils-hybrid^AUR) (check)
curl (curl-quiche-git^AUR, curl-http3-ngtcp2^AUR, curl-c-ares^AUR, curl-git^AUR) (check)

Required by (0)

Sources (1)

binance-1.47.0.deb

Pinned Comments

metaanon commented on 2021-05-13 07:29 (UTC) (edited on 2021-05-13 08:08 (UTC) by metaanon)

Binance don't version their binaries. They simply replace the binance-amd64-linux.deb with a newer version. This means you will correctly receive a validity check error as the deb file no longer matches with the SHA sum.

Please confirm the latest Binance version and then mark this package as out of date.

Unless Binance change their release strategy or someone can come up with a clever solution, it is what it is.

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 Next › Last »

metaanon commented on 2021-04-28 16:40 (UTC) (edited on 2021-04-28 16:43 (UTC) by metaanon)

Right unless I'm seriously thick, or totally missing the point I can't see where you guys are having an issue with the checksums.

There's nothing wrong with the current Binance hosted checksum. It's the same checksum that I pushed 42 hours ago.

metaanon > wget https://ftp.binance.com/electron-desktop/linux/production/binance-amd64-linux.deb
binance-amd64-linux.deb                         100%[====================================================================================================>]  78.86M  10.6MB/s    in 7.6s    

2021-04-28 17:30:03 (10.3 MB/s) - ‘binance-amd64-linux.deb’ saved [82691782/82691782]

metaanon > sha256sum binance-amd64-linux.deb 
96add572427cc441e63637311f5c4151250140df813f75d904a8d69c93b7d1ba  binance-amd64-linux.deb

metaanon > curl https://ftp.binance.com/electron-desktop/linux/production/binance-amd64-linux-deb-sha256.txt
96add572427cc441e63637311f5c4151250140df813f75d904a8d69c93b7d1ba

@tyjak your file vs sha check was always going to fail because the output of sha256sum appends the file name checked so the string wouldn't match the $binanchecksum. I've fixed this up and removed the exit 0 as this was causing the build to fail.

I've also added some echos just for clarity:

metaanon > makepkg -Cic
==> Making package: binance 1.15.4-2 (Wed 28 Apr 2021 17:24:06 BST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading binance-1.15.4.deb...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 78.8M  100 78.8M    0     0  9957k      0  0:00:08  0:00:08 --:--:-- 10.5M
==> Validating source files with sha256sums...
    binance-1.15.4.deb ... Passed
==> Removing existing $srcdir/ directory...
==> Extracting sources...
  -> Extracting binance-1.15.4.deb with bsdtar
==> Starting check()...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    64  100    64    0     0     54      0  0:00:01  0:00:01 --:--:--    54
Checksum verification...
1 Binance : 96add572427cc441e63637311f5c4151250140df813f75d904a8d69c93b7d1ba
2 PKGBUILD: 96add572427cc441e63637311f5c4151250140df813f75d904a8d69c93b7d1ba
3 Deb File: 96add572427cc441e63637311f5c4151250140df813f75d904a8d69c93b7d1ba binance-1.15.4.deb
4 Compare : 96add572427cc441e63637311f5c4151250140df813f75d904a8d69c93b7d1ba 96add572427cc441e63637311f5c4151250140df813f75d904a8d69c93b7d1ba
binance checksum file and PKGBUILD declared checksum: OK
deb checksum and binance file checksum: OK

But as you can see the initial pkgbuild sha check was successfully passing so again I don't know why you guys are seeing an error.

I've brought the version back to 1.15.4-2. So you might need to uninstall binance and remove your cached version (yay -Sc) if you've tried to download 1.15.5

tyjak commented on 2021-04-28 09:07 (UTC)

I leaved a message to binance support, aur package can't be installed until binance solved the pb of their checksum file diff with checksum of the deb file...

tyjak commented on 2021-04-28 08:57 (UTC)

@metaanon sorry for the version number error, I didn't know about that diff with pkg and binary...

tyjak commented on 2021-04-28 08:55 (UTC)

@metaanon the pb actually is that the checksum from binance isn't up to date with the checksum of the deb file and this is for me suspicious and we can't publish a new version if binance checksum does not match the deb checksum. I prefer wait that binance correct the pb first. That's good to know that you're reactive :) With the check added, your pipeline should failed I presume so seems good to me now...

metaanon commented on 2021-04-28 08:54 (UTC)

Hey @tyjak it would have made more sense for you to bump the pkg release version rather than the binary i.e. 1.15.4-2. Binance binary is still at 1.15.4 not 1.15.5

metaanon commented on 2021-04-28 08:45 (UTC)

Hi @huck @tyjak.

Firstly, I've just downloaded both the deb and sha from Binance and the checksum both match locally and with the sha in PKGBUILD. I pushed 1.15.4 43 hours ago and there's been no change since then.

I've mentioned previously, Binance don't version their binaries, they only provide a generically named binance-amd64-linux.deb. They replace that deb file and update the sha txt accordingly. If you try and install this aur package after Binance have updated their side but before I've updated this package, as you've discovered, the checksum fails and the installation stops. I could add a check against the PKGBUILD sha and Binance sha during install but in the scenario above the outcome is exactly the same, the checksum fails and install stops.

FYI I confirm locally the deb and sha match as part of my automated script that updates and pushes a new PKGBUILD. Doesn't stop the above issue occurring.

The only other option I can really look at is croning/GitLab pipeline my automated script to constantly check for an update and trying to reduce the gap between Binance updating and me updating the AUR. People seem to flag this package out of data very quickly after Binance push an update and myself and @tyjak have generally reacted within an hour or so, so for most people they will never have this timing issue.

Happy to listen to peoples thoughts or advice though.

tyjak commented on 2021-04-28 08:44 (UTC)

@metaanon, @huck, I added a check against checksum from binance file, PKGBUILD declared and checksum of the deb file downloaded... I feel more secure with this. Feel free to optimze if needed it.

tyjak commented on 2021-04-28 07:29 (UTC)

@huck, I'm totally agree with you, I did the check for 1.14.3-1. I'm co-maintainer, and I'm wondering if it's possible to add a check in the install script, since Binance could be updated very frequently... Like get the sha256sum from binance and check it against the deb file downloaded and against the sha256sum from PKGBUILD in the install procedure.

Otherwise, I'm thinking of not installing by AUR, if I can't be sure that the sha256sum is verified by one of the co-maintainer...

Todd commented on 2021-04-28 00:37 (UTC)

I see that this package is updated with the latest binance application release. However, after downloading the .deb file from binance.com and attempting to verify it with the sha256 checksum does not verify the application as original. Therefore, the application could contain malware or binance must not have updated the checksum. I am assuming that you didn't verify the application prior to updating the AUR package with the lasted release either. I would be wary of upgrading the binance application to its latest version until binance has updated the checksum.

dougEfish commented on 2021-04-23 10:40 (UTC) (edited on 2021-04-23 10:41 (UTC) by dougEfish)

1.15.2


diff --git a/.SRCINFO b/.SRCINFO
index 699d6d6..7c61a17 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,13 +1,13 @@
 pkgbase = binance
    pkgdesc = The Binance desktop application
-   pkgver = 1.15.1
+   pkgver = 1.15.2
    pkgrel = 1
    url = https://www.binance.com/en/download
    arch = x86_64
    license = unknown
    depends = electron
-   source = binance-1.15.1.deb::https://ftp.binance.com/electron-desktop/linux/production/binance-amd64-linux.deb
-   sha256sums = fa6edaa265b3870c7a449b315dc2bc5b68fd459801dd71672c6454872a161536
+   source = binance-1.15.2.deb::https://ftp.binance.com/electron-desktop/linux/production/binance-amd64-linux.deb
+   sha256sums = 00f85c34fdb270fb0e3f030c07ed00faef28273a0dc8dc0433929ed22deeb53f

 pkgname = binance

diff --git a/PKGBUILD b/PKGBUILD
index 9bd9df9..3d7be8c 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
 # Maintainer: tyjak

 pkgname=binance
-pkgver=1.15.1
+pkgver=1.15.2
 pkgrel=1
 pkgdesc="The Binance desktop application"
 arch=('x86_64')
@@ -12,7 +12,7 @@ license=('unknown')
 depends=('electron')
 source=('https://ftp.binance.com/electron-desktop/linux/production/binance-amd64-linux.deb')
 source=("${pkgname}-${pkgver}.deb::https://ftp.binance.com/electron-desktop/linux/production/binance-amd64-linux.deb")
-sha256sums=('fa6edaa265b3870c7a449b315dc2bc5b68fd459801dd71672c6454872a161536')
+sha256sums=('00f85c34fdb270fb0e3f030c07ed00faef28273a0dc8dc0433929ed22deeb53f')

 package() {
     bsdtar -xv -C "${pkgdir}" -f "${srcdir}/data.tar.xz"