Arch Linux User Repository

Question is, is this person trusted?

Well that is on you to decide. :) the prettygoodprivacy (PGP) system is designed to build trust networks and give you guidance on whether to trust the key of someone or not. It is a tool that attempts to help to come over a pretty much unsolvable problem.

In this case, https://github.com/bisq-network/bisq/releases, which is the place where Bisq is built, gives you a whole lot of information on how it is built, how it is installed and how you can verify that you got the correct software package. There you can also find the key files of the guy who packaged and released bisq (and he did so for years now).

Does this fix defeat the purpose of having keys in the first place?

Well, you do no longer need to trust me, the packager, to supply the correct checksums. And you can be rather certain that it still is the same guy that releases bisq, until key stuff starts acting up again. So at least you can be certain that nobody suddenly hijacked the AUR and feeds you malicious software.

:)

just spent an hour banging my head off my monitor trying to get this installed. Haven't used linux in years and from what I remember, with arch, nothing ever just works. Forgot that till now. Installed manjaro and after it's first update it breaks and terminal wont run. Of course. Fixed it. Anyway. I digress.

Key problem. Spent an hour figuring out how to manually do keys and shit only to see here that the uploader/packager posted a fix. Pasted in what he posted and it finally installed.

Question is, is this person trusted? Does this fix defeat the purpose of having keys in the first place? Seems pretty stupid.

I should have gone with a debian based distro. I'm going to bed.

I updated yesterday with the manjaro gui package manager. I am unable to find Bisq listed in my applications now and the GNOME activities search does not bring it up in a search.

I am hesitant to reinstall the package because I have some bitcoins in the current bisq installation. Any ideas on next steps here? I attempted to open Bisq in the command line under /opt/bisq/bisq-desktop but it was an invalid command. I did confirm in pacman that the bisq package is still installed. Any further guidance would be appreciated. Thanks.

I just updated the build to fetch the newly available signed source tarball off github. finally.

If you stumble over the message that a key is not trusted just do a gpg --recv-keys 29CDFD3B and you should be good

Freezes my computer at launch. Only hard boot helps.

@dsche-cyber I am not one of the maintainers, so all I can say is that the reference should be the GitHub release channel, in my opinion. Means of verification are provided there for every release. Since this AUR package had to switch to git clone because of this issue, I don't know what the checksum is supposed to check. I think you were right to raise ŧhis issue with the Bisq developer: if one cannot build from the release's archive alone, a different verification is necessary.

@sylphio alright, one more thing: where did you get the sha256sum in PKGBUILD from?

@dsche-cyber I can't help you with that; that question would be better asked to the Bisq community than in the AUR. Still, what you report is what I would expect: Bisq is a separate network (built atop Tor).

@sylphio thanks for the quick response and the hint. Was searching for it a long time and 10 min after the post I found it, this happens all the time...

Got my full node connected the following way:
1. Custom Node under settings with:
127.0.0.1 (No [] and since port 8333 is set per default no port)
2. restart (you get prompted to do so)
3. Uncheck on tor.
4. restart (you get prompted to do so)

But I got a question: The connected peers shown in bisq are not the same as the ones from bitcoin-cli getpeerinfo. Why is that and is it normal?