Package Details: bisq 1.9.14-1

Git Clone URL: https://aur.archlinux.org/bisq.git (read-only, click to copy)
Package Base: bisq
Description: Cross-platform desktop application that allows users to trade national currency (dollars, euros, etc) for bitcoin without relying on centralized exchanges
Upstream URL: https://bisq.network
Licenses: AGPL3
Conflicts: bisq-bin, bisq-git
Provides: bisq
Submitter: dmp1ce
Maintainer: dmp1ce
Last Packager: dmp1ce
Votes: 61
Popularity: 1.11
First Submitted: 2017-07-05 14:43 (UTC)
Last Updated: 2023-10-18 00:14 (UTC)

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 9 10 11 12 Next › Last »

dmp1ce commented on 2021-03-06 16:50 (UTC)

That's right. Go to the releases page and you will see the same hash for the GPG key. 29CDFD3B which belongs to Christoph Atteneder.

https://github.com/bisq-network/bisq/releases

If you use 29CDFD3B, as suggested on Github and here, then you know you are installing the binary created from the original creator.

freimair commented on 2021-03-04 14:08 (UTC) (edited on 2021-03-04 14:09 (UTC) by freimair)

Question is, is this person trusted?

Well that is on you to decide. :) the prettygoodprivacy (PGP) system is designed to build trust networks and give you guidance on whether to trust the key of someone or not. It is a tool that attempts to help to come over a pretty much unsolvable problem.

In this case, https://github.com/bisq-network/bisq/releases, which is the place where Bisq is built, gives you a whole lot of information on how it is built, how it is installed and how you can verify that you got the correct software package. There you can also find the key files of the guy who packaged and released bisq (and he did so for years now).

Does this fix defeat the purpose of having keys in the first place?

Well, you do no longer need to trust me, the packager, to supply the correct checksums. And you can be rather certain that it still is the same guy that releases bisq, until key stuff starts acting up again. So at least you can be certain that nobody suddenly hijacked the AUR and feeds you malicious software.

:)

0000000000 commented on 2021-03-03 20:41 (UTC)

just spent an hour banging my head off my monitor trying to get this installed. Haven't used linux in years and from what I remember, with arch, nothing ever just works. Forgot that till now. Installed manjaro and after it's first update it breaks and terminal wont run. Of course. Fixed it. Anyway. I digress.

Key problem. Spent an hour figuring out how to manually do keys and shit only to see here that the uploader/packager posted a fix. Pasted in what he posted and it finally installed.

Question is, is this person trusted? Does this fix defeat the purpose of having keys in the first place? Seems pretty stupid.

I should have gone with a debian based distro. I'm going to bed.

rockyr commented on 2021-02-03 17:09 (UTC)

I updated yesterday with the manjaro gui package manager. I am unable to find Bisq listed in my applications now and the GNOME activities search does not bring it up in a search.

I am hesitant to reinstall the package because I have some bitcoins in the current bisq installation. Any ideas on next steps here? I attempted to open Bisq in the command line under /opt/bisq/bisq-desktop but it was an invalid command. I did confirm in pacman that the bisq package is still installed. Any further guidance would be appreciated. Thanks.

freimair commented on 2021-02-02 12:23 (UTC) (edited on 2021-02-02 12:23 (UTC) by freimair)

I just updated the build to fetch the newly available signed source tarball off github. finally.

If you stumble over the message that a key is not trusted just do a gpg --recv-keys 29CDFD3B and you should be good

Giandoja commented on 2020-10-21 08:35 (UTC) (edited on 2020-10-21 08:37 (UTC) by Giandoja)

For Arch users with GNOME (hence Wayland):

To me Bisq didn't want to know to start, so I tried to install all the versions of Java that I found (apart from the older ones) and set the default OpenJDK11, and now everything works. Here are the commands I gave, but I don't know exactly which of the things I installed is the one that made Bisq work (I'm newbie):
sudo pacman -Syuv java-environment-common jdk-openjdk openjdk-doc openjdk-src jre11-openjdk jdk11-openjdk openjdk11-doc openjdk11-src java-openjfx java-openjfx-doc java-openjfx-src java11-openjfx java11-openjfx-doc java11-openjfx-src --noconfirm &&
sudo archlinux-java set java-11-openjdk

I hope it can be of help to someone. You probably just need to install OpenJDK11 only and then set it to default for Bisq to work, but I haven't tried.

fce8 commented on 2020-10-14 14:37 (UTC)

Freezes my computer at launch. Only hard boot helps.

sylphio commented on 2020-06-22 08:38 (UTC)

@dsche-cyber I am not one of the maintainers, so all I can say is that the reference should be the GitHub release channel, in my opinion. Means of verification are provided there for every release. Since this AUR package had to switch to git clone because of this issue, I don't know what the checksum is supposed to check. I think you were right to raise ŧhis issue with the Bisq developer: if one cannot build from the release's archive alone, a different verification is necessary.

dsche-cyber commented on 2020-06-21 21:58 (UTC)

@sylphio alright, one more thing: where did you get the sha256sum in PKGBUILD from?

sylphio commented on 2020-06-21 21:46 (UTC)

@dsche-cyber I can't help you with that; that question would be better asked to the Bisq community than in the AUR. Still, what you report is what I would expect: Bisq is a separate network (built atop Tor).