@mardiros did not work when not using a keyserver.
gpg --keyserver pool.sks-keyservers.net --recv 8C004C2F93481F6B
to retrieve the key
Search Criteria
Package Details: debianutils 4.11.2-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/debianutils.git (read-only, click to copy) |
|---|---|
| Package Base: | debianutils |
| Description: | Miscellaneous utilities specific to Debian |
| Upstream URL: | http://packages.qa.debian.org/d/debianutils.html |
| Licenses: | GPL |
| Submitter: | sanerb |
| Maintainer: | javmorin (sanerb) |
| Last Packager: | javmorin |
| Votes: | 7 |
| Popularity: | 0.000104 |
| First Submitted: | 2015-08-25 00:00 (UTC) |
| Last Updated: | 2020-11-21 01:24 (UTC) |
Required by (3)
Sources (1)
Latest Comments
Ashark commented on 2020-11-16 07:52 (UTC)
fspreck commented on 2020-11-11 12:06 (UTC)
Version 4.9.1 results in a 404 error, should be updated to 4.11.2.
sanerb commented on 2019-10-10 03:57 (UTC)
fixed... the version disappeared, but upgraded to 4.9 anyways.
whizsid commented on 2019-10-09 19:56 (UTC)
This package is not working. http://http.debian.net/debian/pool/main/d/debianutils/debianutils_4.8.6.3.tar.xz gives me a 404 error.
mardiros commented on 2019-05-07 13:58 (UTC)
@Quyet
gpg --recv-keys 0x8C004C2F93481F6B
to retrieve the key
sanerb commented on 2019-02-26 17:27 (UTC)
@kmeaw - thanks for letting me know about the new release! looks like it's a patch-level release. updated
sanerb commented on 2019-01-19 20:18 (UTC)
@Quyet see pinned comment.
Quyet commented on 2019-01-19 05:55 (UTC)
I got this error while building: Verifying source file signatures with gpg... debianutils_4.8.6.tar.xz ... FAILED (unknown public key 8C004C2F93481F6B) ==> ERROR: One or more PGP signatures could not be verified!
sanerb commented on 2018-06-29 13:12 (UTC)
@dreieck-
thanks! for some reason i was never alerted to new versions, either. so:
- source url fixed (the url= param was checked and works)
- updated to 4.8.6
dreieck commented on 2018-06-29 09:55 (UTC) (edited on 2018-06-29 09:57 (UTC) by dreieck)
It cannot download the source anymore. ftp.debian.org has to be changed to http.debian.net (two things: 1. debian.org changed to debian.net, 2. ftp.debian.<tld> needs to be changed to http.debian.<tld>).
Error message:
==> Retrieving sources...
-> Downloading debianutils_4.8.1.1.tar.xz...
--2018-06-29 11:47:22-- <http://ftp.debian.org/debian/pool/main/d/debianutils/debianutils_4.8.1.1.tar.xz>
Resolving ftp.debian.org (ftp.debian.org)... failed: Connection timed out.
wget: unable to resolve host address ‘ftp.debian.org’
==> ERROR: Failure while downloading <http://ftp.debian.org/debian/pool/main/d/debianutils/debianutils_4.8.1.1.tar.xz>
Aborting...
After correcting the source entry, download works.
Please, also check and correct the url=-entry.
Please correct in your AUR package.
sanerb commented on 2017-04-17 21:52 (UTC)
@hawkeye-
see 2016-06-03 comment. more information:
https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds
hawkeye116477 commented on 2017-04-17 19:31 (UTC)
PGP Error
sanerb commented on 2016-12-02 03:12 (UTC)
@miqueldvb-
Thanks! Updated and pushed.
gypaetus commented on 2016-12-01 22:39 (UTC)
=> ERROR: Failure while downloading http://ftp.debian.org/debian/pool/main/d/debianutils/debianutils_4.8.tar.xz
Aborting...
It looks like version 4.8.1 is out
markzz commented on 2016-09-08 11:12 (UTC) (edited on 2016-09-08 11:14 (UTC) by markzz)
sanerb: I am not miguided, there is no reason to validate your signature on software you are not a part of upstream. If upstream is signing their packages you should use their signature files and it's absolutely no different to add their keys to my own personal keyring (because makepkg doesn't touch pacman's keyring) than it is to use yours. The point of validating signatures is another validation on top of checksums and to verify you're getting what upsteam is intending you to get which using yours means YOU could apply a patch and we could be using something not by the Debian developers.
I do not know of any other source packages here (other than perhaps yours) on the AUR that do what you're doing and I will probably bring this up on aur-general and get a TU's opinion.
As for the Arch Linux repositories (core, extra, ...), those are binary packages being signed and are irrelevant.
I would also like you to look at packages in the ABS, (install abs package and run abs as root) and note that the Arch Linux developers and TUs do not sign source tars in the source packages.
sanerb commented on 2016-09-04 22:45 (UTC) (edited on 2016-09-04 22:56 (UTC) by sanerb)
@markzz
I think you may be misguided.
Arch packages in non-AUR, Arch-supplied repositories are signed- by the packager/maintainer. More and more AUR maintainers are doing the same with their own signatures. Some projects do provide upstream signatures, sure- but it's just as unlikely you'd have the Debian maintainers' pubkeys in your keyring as it is you have mine. (Because otherwise a Base install would have to install the pubkeys for ALL those upstream sigs instead of just the TU's et. al. into pacman's/the system's keyring. And they most certainly do not do that.)
The point of signatures in PKGBUILDs is to verify against the packager/maintainers, I'd argue, for the AUR as we have no binary package to distribute. No need to go lambasting this, as I very clearly provide[0] further information on the usability aspect. However, if you disagree, I'd ask why you find it acceptable that Arch maintainers provide signatures of their own rather than upstream, and why this is unacceptable for the AUR.
(edited for clarity)
[0] https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds
markzz commented on 2016-09-04 22:30 (UTC) (edited on 2016-09-04 22:30 (UTC) by markzz)
Why, may I ask, are we validating a signature that isn't from upstream? This seems (and most likely is) wrong.
The point of signatures is to validate the upstream packager's sigs, not the AUR maintainer's.
I would advise users of this PKGBUILD to remove the signature from the sources and sums arrays and just not bother.
sanerb commented on 2016-06-26 04:31 (UTC) (edited on 2017-09-01 22:44 (UTC) by sanerb)
Please note the following additions:
# Bug reports can be filed at https://bugs.square-r00t.net/index.php?project=3
# News updates for packages can be followed at https://devblog.square-r00t.net
(If you want an RSS-feed only pertaining to my AUR packages, you can subscribe to https://devblog.square-r00t.net/rss/?category=aur in your favourite RSS reader.)
Note that you should still use the AUR web interface for flagging packages as out-of-date if a new version is released; the aforementioned bug tracker is to aid in issues with building/packaging/the PKGBUILD formats/etc. specifically.
GPG signature "errors" are explained here:
https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds
Please read; it's not a bug.
Thanks!
sanerb commented on 2016-06-03 19:26 (UTC)
you need to either ignore pgp verification (makepkg --skippgpcheck) or import my key (which can be found at https://square-r00t.net/gpg/bin/personal.gpg - fingerprint is in my AUR profile, i'm also on keybase.io and other keyservers).
see https://wiki.archlinux.org/index.php/makepkg#Signature_checking
project0 commented on 2016-05-23 13:30 (UTC)
Build fails on invalid PGP-Signature.
Pinned Comments
sanerb commented on 2016-06-26 04:31 (UTC) (edited on 2017-09-01 22:44 (UTC) by sanerb)