Package Details: coturn-babysitter 0.0.3-2

Git Clone URL: https://aur.archlinux.org/coturn-babysitter.git (read-only, click to copy)
Package Base: coturn-babysitter
Description: coturn configuration rewriter and service reloader
Upstream URL: https://www.eomanis.dedyn.io/permshare/coturn-babysitter/
Keywords: coturn dynamic turnserver videochat webrtc
Licenses: GPL-3.0-only
Submitter: eomanis
Maintainer: eomanis
Last Packager: eomanis
Votes: 0
Popularity: 0.000000
First Submitted: 2025-12-27 22:16 (UTC)
Last Updated: 2026-01-15 21:21 (UTC)

Latest Comments

vitaliikuzhdin commented on 2026-01-18 09:59 (UTC) (edited on 2026-01-23 12:52 (UTC) by vitaliikuzhdin)

@eomanis, ah right, sorry. I'm not near my PC, so I'm typing this from my phone.

eomanis commented on 2026-01-15 21:28 (UTC)

Added PGP file integrity check.

N. B. The correct name for the array variable with PGP fingerprints is validpgpkeys, not validopenpgpkeys.

vitaliikuzhdin commented on 2026-01-15 10:42 (UTC)

@eomanis, you need to add:

validopenpgpkeys=(
  'F57637E9E5C28F91EE64277B603EEF8FE0A99498' # eomanis <eomanis@web.de>
)

Optionally, you can also follow what the official packages do:

mkdir -p keys/pgp
gpg --export F57637E9E5C28F91EE64277B603EEF8FE0A99498 > keys/pgp/F57637E9E5C28F91EE64277B603EEF8FE0A99498.asc

eomanis commented on 2026-01-14 22:01 (UTC)

I've got to read up on the PGP key thing because I could not get it to work properly.

What I have tried in the PKGBUILD:

source=("https://www.eomanis.dedyn.io/permshare/coturn-babysitter/coturn-babysitter-${_pkgverUpstream}.tar.gz"
        "https://www.eomanis.dedyn.io/permshare/coturn-babysitter/coturn-babysitter-${_pkgverUpstream}.tar.gz.asc")
sha384sums=('bb25634191e2053a83de6493a74eacf9de3d68048a34fbda67f6cd982d2e6b84965c088dad4e29803f45d2558324cbf0'
            'SKIP')

How it turned out:

[builduser@the-system coturn-babysitter]$ makepkg --force --clean
==> Making package: coturn-babysitter 0.0.3-2 (Mi 14 Jan 2026 22:51:37 CET)
(...)
==> Verifying source file signatures with gpg...
    coturn-babysitter-0.0.3.tar.gz ... FAILED (unknown public key 5F3CC162EF4678E2)
==> ERROR: One or more PGP signatures could not be verified!

[builduser@the-system coturn-babysitter]$ gpg --recv-keys 0x5F3CC162EF4678E2
gpg: key 603EEF8FE0A99498: public key "eomanis <eomanis@web.de>" imported
gpg: Total number processed: 1
gpg:               imported: 1

[builduser@the-system coturn-babysitter]$ makepkg --force --clean
==> Making package: coturn-babysitter 0.0.3-2 (Mi 14 Jan 2026 22:52:09 CET)
(...)
==> Verifying source file signatures with gpg...
    coturn-babysitter-0.0.3.tar.gz ... FAILED (the public key F57637E9E5C28F91EE64277B603EEF8FE0A99498 is not trusted)
==> ERROR: One or more PGP signatures could not be verified!

If that is because the release archive is signed with a subkey instead of the primary PGP key then this won't mesh very well with my signing process. I have the primary PGP key in offline storage and only access it every few months to re-sign the subkeys.

vitaliikuzhdin commented on 2026-01-13 20:22 (UTC)

Please also source the .asc signatures.