Package Details: firefox-nightly 54.0a1.20170124-2

Git Clone URL: https://aur.archlinux.org/firefox-nightly.git (read-only)
Package Base: firefox-nightly
Description: Standalone web browser from mozilla.org, nightly build
Upstream URL: http://www.mozilla.org/projects/firefox
Keywords: firefox web_browser
Licenses: GPL, MPL, LGPL
Submitter: None
Maintainer: xenom
Last Packager: xenom
Votes: 455
Popularity: 2.869823
First Submitted: 2008-09-10 14:23
Last Updated: 2017-02-11 19:51

Latest Comments

noctil commented on 2017-02-19 04:17

@acidicX

Try

gpg --keyserver pgp.mit.edu --recv-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353

ArchangeGabriel commented on 2017-02-14 14:46

@acidicX: Please read the full ticket, the issue is not a checksum URL one, it’s a CDN one. The .sig file end up being the same on all the CDN targets, but the .tar.bz file isn’t. There is no key management issue, only a CDN one. The checksum thing it is referring to is a symptom of this just as is the bad signature one.

acidicX commented on 2017-02-14 14:37

> firefox-54.0a1.en-US.linux-x86_64.tar.bz2 ... FAILED (bad signature from public key 1C69C4E55E9905DB)

Why would this be the same issue as the checksum URL problem? Isn't this more of a key management issue?

ArchangeGabriel commented on 2017-02-12 17:03

The source URL is a symptom, the real issue is indeed https://bugzilla.mozilla.org/show_bug.cgi?id=1336732.

di72nn commented on 2017-02-12 16:12

@NoSohoth the PKGBUILD is already updated.
I believe your issue is related to the source URL. Try
https://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-central/ instead of
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central/

NoSohoth commented on 2017-02-12 15:44

Checksum are finally back, however the .asc and tarball don't match:

==> Verifying source file signatures with gpg...
firefox-54.0a1.en-US.linux-x86_64.tar.bz2 ... FAILED (bad signature from public key 1C69C4E55E9905DB)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build firefox-nightly.

Related to this: https://bugzilla.mozilla.org/show_bug.cgi?id=1305139#c63
This: https://bugzilla.mozilla.org/show_bug.cgi?id=1336732
And this: https://aur.archlinux.org/packages/firefox-dev/#news

For some reason, I get the good .asc when I download it with firefox, but not with wget or makepkg.

xenom commented on 2017-02-11 19:53

Thanks for the updated PKGBUILD.
CHecksum removed in favor of signed tarball.

ArchangeGabriel commented on 2017-02-11 17:31

Checksum are indeed back, and the issue remains open only because it’s not fixed in aurora channel (just nightly one).

However, I would advise removing them altogether in favour of the signed tarball, checksum serve no purpose anymore then.

di72nn commented on 2017-02-10 22:06

Updated PKGBUILD: https://gist.github.com/di72nn/40b64a133679bf424444a00fe14d8301
No more hacks with manual checksum checks: there is a signature for the archive file.

P. S.: I didn't get into details, but the upstream issue is still open.

x-f commented on 2017-02-10 20:14

Looks like checksums are back, but format/lines changed and not -eq 2

All comments