Package Details: cloudflare-warp-bin 2024.11.309-1

Git Clone URL: https://aur.archlinux.org/cloudflare-warp-bin.git (read-only, click to copy)
Package Base: cloudflare-warp-bin
Description: Cloudflare Warp Client
Upstream URL: https://1.1.1.1
Licenses: unknown
Conflicts: cloudflare-warp
Provides: warp-cli, warp-diag, warp-svc
Submitter: solatis
Maintainer: solatis (mhdi, billyaddlers, vk8a8, Neomax7)
Last Packager: mhdi
Votes: 56
Popularity: 1.83
First Submitted: 2021-05-26 08:59 (UTC)
Last Updated: 2024-11-19 08:44 (UTC)

Latest Comments

« First ‹ Previous 1 .. 10 11 12 13 14 15 16 17 18 Next › Last »

solatis commented on 2021-12-13 09:44 (UTC)

@33Fraise33 it appears like you're correct, the md5/sha256 hashes have also changed.

I've pushed an update with the new hashes.

33Fraise33 commented on 2021-12-13 08:59 (UTC)

the signing key of the package has been changed as the Linux key was compromised. Is it possible this created the issue users below are seeing? This is the email we received: https://i.imgur.com/xteA2VW.png

bigjv12 commented on 2021-12-12 23:07 (UTC)

Hi

I am getting the following error when trying to build if that helps

Building cloudflare-warp-bin... ==> Making package: cloudflare-warp-bin 2021.10.0-3 (Sun 12 Dec 2021 23:06:15 GMT) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Found cloudflare_warp_2021_10_0_1_amd64_916ef55734_amd64.deb ==> Validating source files with md5sums... cloudflare_warp_2021_10_0_1_amd64_916ef55734_amd64.deb ... FAILED ==> ERROR: One or more files did not pass the validity check! Failed to build cloudflare-warp-bin

solatis commented on 2021-12-11 20:44 (UTC)

@kirusfg could you post the error message you're seeing?

kirusfg commented on 2021-12-11 15:57 (UTC)

Hello, cannot install the package - there is a md5sum mismatch. I know very little about packaging, but am ready to help with this if I can.

Nu4425 commented on 2021-12-01 19:28 (UTC) (edited on 2021-12-01 19:32 (UTC) by Nu4425)

@solatis thank you for looking into it.

After looking into it myself by reading the wiki and examples like firefox-nightly, I think it would be best not validate it and instead wait for an official upstream tarball/zip where a signature file would ideally be present.

So for now, comparing the md5 digests within the .deb and listing the sha2 digest suffices

solatis commented on 2021-11-30 12:17 (UTC)

@PanisSupraOmnia I'll take care of it!

@Nu4425 I'm trying to see how that works, is there any tooling in PKGBUILD that allows me to verify .deb package signatures of embedded files? I cannot use the validpgpkeys construct as that verifies the signatures on a Arch-package level, not the embedded files inside the .deb. The process is basically to extract the _gpgorigin out of the archive, and verify it using

gpg --verify ./_gpgorigin ./debian-binary ./control.tar.gz ./data.tar.gz

Is there something that automates that?

PanisSupraOmnia commented on 2021-11-29 22:42 (UTC)

Hi @solatis, I noticed that in one of the recent package updates where you cleaned up the PKGBUILD you changed it to use the msg2 and error subroutines. These are not part of makepkg's stable public API, and so they should not be used in PKGBUILDs, per the wiki.

Nu4425 commented on 2021-11-19 16:39 (UTC) (edited on 2021-11-19 16:43 (UTC) by Nu4425)

@solatis thank you for that! Also, as another improvement, would you consider using cloudflare's official pgp fingerprint provided at "https://pkg.cloudflareclient.com/pubkey.gpg" during the build process for validation? The fingerprint can be listed through

curl https://pkg.cloudflareclient.com/pubkey.gpg | gpg --show-keys

As it is officially signed and is a RSA-4096 key, I think using this key would make this package official therefore providing a higher degree of security.

solatis commented on 2021-11-08 11:21 (UTC)

@Nu4425 your wish is my command. :)

The md5sum is what the original apt package (for Ubuntu focal) uses to validate the package, and there's something to be said for using the "official" md5sums. Having said that, I've added a few improvements:

  • Use a sha256sum in addition to the official md5sum;
  • Use the packaged md5sums for all the individual files to validate.

I've also tidied up the /usr/usr garbage output, and include the official changelog in the package changelog (pacman -Qc cloudflare-warp-bin should now show the proper changelog).

Let me know if anyone has any issues.