Arch Linux User Repository

Please note the following additions: # Bug reports can be filed at https://bugs.square-r00t.net/index.php?project=3 # News updates for packages can be followed at https://devblog.square-r00t.net (If you want an RSS-feed only pertaining to my AUR packages, you can subscribe to https://devblog.square-r00t.net/rss/?category=aur in your favourite RSS reader.) Note that you should still use the AUR web interface for flagging packages as out-of-date if a new version is released; the aforementioned bug tracker is to aid in issues with building/packaging/the PKGBUILD formats/etc. specifically. GPG signature "errors" are explained here: https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds Please read; it's not a bug. Thanks!

@ragreener1 thanks for the catch. Upstream seems to be inconsistent with the naming, so I will have to remember to double check future releases. I have restored the versioned path support which was removed in the previous release.

Rel 2 should work for you now.

This currently doesn't build. This fixes it.

From 515021bc048c73f77e5366ce888f3fbae7e15a49 Mon Sep 17 00:00:00 2001
From: Robert Greener <me@r0bert.dev>
Date: Tue, 7 Jun 2022 18:55:41 +0100
Subject: [PATCH] Fix PKGBUILD by changing path

Signed-off-by: Robert Greener <me@r0bert.dev>
---
 PKGBUILD | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/PKGBUILD b/PKGBUILD
index 8b7675c..c0b5346 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,6 +1,7 @@
 # Maintainer: Mike Javorski <mike dot javorski at gmail dot com>
 # Contributor: brent s. <bts[at]square-r00t[dot]net>
 # Contributor: Jochen Schalanda <jochen+aur (at) schalanda.name>
+# Contributor: Robert Greener <me@r0bert.dev>
 pkgname=debianutils
 pkgver=5.7
 pkgrel=1
@@ -13,13 +14,13 @@ source=("http://deb.debian.org/debian/pool/main/d/${pkgname}/${pkgname}_${pkgver
 sha512sums=('79acd8885abca93842d696167171a359011c49a40f38deeb25bc94d62905f95afa3a7b2540d3bd4b0ffd363c5c48a439a1a68139a29d6c033980b019cea75d92')

 build() {
-  cd "${srcdir}/${pkgname}"
+  cd "${srcdir}/${pkgname}-${pkgver}"
   ./configure --prefix=/usr --sbindir=/usr/bin
   make
 }

 package() {
-  cd "${srcdir}/${pkgname}"
+  cd "${srcdir}/${pkgname}-${pkgver}"
   make DESTDIR="$pkgdir" install

   msg 'Remove files of "which" and "run-parts" package...'
-- 
2.36.1

@mardiros did not work when not using a keyserver.

gpg --keyserver pool.sks-keyservers.net --recv 8C004C2F93481F6B

to retrieve the key

Version 4.9.1 results in a 404 error, should be updated to 4.11.2.

fixed... the version disappeared, but upgraded to 4.9 anyways.

This package is not working. http://http.debian.net/debian/pool/main/d/debianutils/debianutils_4.8.6.3.tar.xz gives me a 404 error.

@Quyet

gpg --recv-keys 0x8C004C2F93481F6B

to retrieve the key

@kmeaw - thanks for letting me know about the new release! looks like it's a patch-level release. updated

@Quyet see pinned comment.

I got this error while building: Verifying source file signatures with gpg... debianutils_4.8.6.tar.xz ... FAILED (unknown public key 8C004C2F93481F6B) ==> ERROR: One or more PGP signatures could not be verified!

@dreieck-

thanks! for some reason i was never alerted to new versions, either. so:

• source url fixed (the url= param was checked and works)
• updated to 4.8.6

It cannot download the source anymore. ftp.debian.org has to be changed to http.debian.net (two things: 1. debian.org changed to debian.net, 2. ftp.debian.<tld> needs to be changed to http.debian.<tld>).

Error message:

==> Retrieving sources...
  -> Downloading debianutils_4.8.1.1.tar.xz...
--2018-06-29 11:47:22--  <http://ftp.debian.org/debian/pool/main/d/debianutils/debianutils_4.8.1.1.tar.xz>
Resolving ftp.debian.org (ftp.debian.org)... failed: Connection timed out.
wget: unable to resolve host address ‘ftp.debian.org’
==> ERROR: Failure while downloading <http://ftp.debian.org/debian/pool/main/d/debianutils/debianutils_4.8.1.1.tar.xz>
    Aborting...

After correcting the source entry, download works.

Please, also check and correct the url=-entry.

Please correct in your AUR package.

@hawkeye- see 2016-06-03 comment. more information: https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds

PGP Error

@miqueldvb- Thanks! Updated and pushed.

=> ERROR: Failure while downloading http://ftp.debian.org/debian/pool/main/d/debianutils/debianutils_4.8.tar.xz Aborting... It looks like version 4.8.1 is out

sanerb: I am not miguided, there is no reason to validate your signature on software you are not a part of upstream. If upstream is signing their packages you should use their signature files and it's absolutely no different to add their keys to my own personal keyring (because makepkg doesn't touch pacman's keyring) than it is to use yours. The point of validating signatures is another validation on top of checksums and to verify you're getting what upsteam is intending you to get which using yours means YOU could apply a patch and we could be using something not by the Debian developers. I do not know of any other source packages here (other than perhaps yours) on the AUR that do what you're doing and I will probably bring this up on aur-general and get a TU's opinion. As for the Arch Linux repositories (core, extra, ...), those are binary packages being signed and are irrelevant. I would also like you to look at packages in the ABS, (install abs package and run abs as root) and note that the Arch Linux developers and TUs do not sign source tars in the source packages.

@markzz I think you may be misguided. Arch packages in non-AUR, Arch-supplied repositories are signed- by the packager/maintainer. More and more AUR maintainers are doing the same with their own signatures. Some projects do provide upstream signatures, sure- but it's just as unlikely you'd have the Debian maintainers' pubkeys in your keyring as it is you have mine. (Because otherwise a Base install would have to install the pubkeys for ALL those upstream sigs instead of just the TU's et. al. into pacman's/the system's keyring. And they most certainly do not do that.) The point of signatures in PKGBUILDs is to verify against the packager/maintainers, I'd argue, for the AUR as we have no binary package to distribute. No need to go lambasting this, as I very clearly provide[0] further information on the usability aspect. However, if you disagree, I'd ask why you find it acceptable that Arch maintainers provide signatures of their own rather than upstream, and why this is unacceptable for the AUR. (edited for clarity) [0] https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds

Why, may I ask, are we validating a signature that isn't from upstream? This seems (and most likely is) wrong. The point of signatures is to validate the upstream packager's sigs, not the AUR maintainer's. I would advise users of this PKGBUILD to remove the signature from the sources and sums arrays and just not bother.

Please note the following additions: # Bug reports can be filed at https://bugs.square-r00t.net/index.php?project=3 # News updates for packages can be followed at https://devblog.square-r00t.net (If you want an RSS-feed only pertaining to my AUR packages, you can subscribe to https://devblog.square-r00t.net/rss/?category=aur in your favourite RSS reader.) Note that you should still use the AUR web interface for flagging packages as out-of-date if a new version is released; the aforementioned bug tracker is to aid in issues with building/packaging/the PKGBUILD formats/etc. specifically. GPG signature "errors" are explained here: https://devblog.square-r00t.net/articles/a-note-on-using-gpg-signatures-in-pkgbuilds Please read; it's not a bug. Thanks!

you need to either ignore pgp verification (makepkg --skippgpcheck) or import my key (which can be found at https://square-r00t.net/gpg/bin/personal.gpg - fingerprint is in my AUR profile, i'm also on keybase.io and other keyservers). see https://wiki.archlinux.org/index.php/makepkg#Signature_checking

Build fails on invalid PGP-Signature.