==> Verifying source file signatures with gpg...
firefox-55.0a1.en-US.linux-x86_64.tar.bz2 ... FAILED (bad signature from public key 1C69C4E55E9905DB)
==> ERROR: One or more PGP signatures could not be verified!
:: failed to verify firefox-nightly integrity
Search Criteria
Package Details: firefox-nightly 129.0a1+20240618.1+h5dabfab7d5a5-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/firefox-nightly.git (read-only, click to copy) |
---|---|
Package Base: | firefox-nightly |
Description: | Fast, Private & Safe Web Browser (Nightly version) |
Upstream URL: | https://www.mozilla.org/firefox/channel/desktop/#nightly |
Keywords: | browser gecko web |
Licenses: | MPL-2.0 |
Submitter: | None |
Maintainer: | heftig |
Last Packager: | heftig |
Votes: | 609 |
Popularity: | 0.30 |
First Submitted: | 2008-09-10 14:23 (UTC) |
Last Updated: | 2024-06-18 10:52 (UTC) |
Dependencies (57)
- alsa-lib
- at-spi2-core (at-spi2-core-gitAUR)
- bash (bash-devel-static-gitAUR, bash-gitAUR, bash-devel-gitAUR, busybox-coreutilsAUR)
- cairo (cairo-gitAUR)
- dbus (dbus-gitAUR, dbus-x11-gitAUR, dbus-selinuxAUR)
- ffmpeg (ffmpeg-intel-full-gitAUR, ffmpeg-nvcodec-11-1-gitAUR, ffmpeg-cudaAUR, ffmpeg-headlessAUR, ffmpeg-ffplayoutAUR, ffmpeg-decklinkAUR, ffmpeg-gitAUR, ffmpeg-libfdk_aacAUR, ffmpeg-obsAUR, ffmpeg-amd-fullAUR, ffmpeg-amd-full-gitAUR, ffmpeg-fullAUR, ffmpeg-full-gitAUR)
- fontconfig (fontconfig-gitAUR, fontconfig-ubuntuAUR)
- freetype2 (freetype2-gitAUR, freetype2-qdoledAUR, freetype2-macosAUR)
- gcc-libs (gcc11-libsAUR, gcc-libs-gitAUR, gccrs-libs-gitAUR, gcc-libs-snapshotAUR)
- gdk-pixbuf2 (gdk-pixbuf2-gitAUR)
- glib2 (glib2-gitAUR, glib2-selinuxAUR, glib2-patched-thumbnailerAUR)
- glibc (glibc-gitAUR, glibc-linux4AUR, glibc-eacAUR, glibc-eac-binAUR)
- gtk3 (gtk3-no_deadkeys_underlineAUR, gtk3-patched-filechooser-icon-viewAUR, gtk3-classic-xfceAUR, gtk3-classicAUR)
- hicolor-icon-theme (hicolor-icon-theme-gitAUR)
- libpulse (pulseaudio-dummyAUR, libpulse-gitAUR)
- libx11 (libx11-gitAUR)
- libxcb (libxcb-gitAUR)
- libxcomposite
- libxdamage
- libxext (libxext-gitAUR)
- Show 37 more dependencies...
Required by (0)
Sources (5)
Latest Comments
« First ‹ Previous 1 .. 22 23 24 25 26 27 28 29 30 31 32 .. 56 Next › Last »
xuiqzy commented on 2017-03-29 20:25 (UTC)
Looserof7 commented on 2017-03-16 17:30 (UTC) (edited on 2017-03-16 17:35 (UTC) by Looserof7)
@xenom
Upstream URL: doesn't work any more,
This one: https://www.mozilla.org/en-US/firefox/channel/desktop/
or
This one: https://www.mozilla.org/en-US/firefox/desktop/
would be better.
lwinch2006 commented on 2017-03-11 15:17 (UTC)
With this URL (https://archive.mozilla.org/pub/firefox/nightly/latest-mozilla-central/) signature gets successfully verified. 3 URLs that looks pretty the same content have. I already lost in Mozilla's URLs. :-)
noctil commented on 2017-02-19 04:17 (UTC)
@acidicX
Try
gpg --keyserver pgp.mit.edu --recv-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353
Archange commented on 2017-02-14 14:46 (UTC)
@acidicX: Please read the full ticket, the issue is not a checksum URL one, it’s a CDN one. The .sig file end up being the same on all the CDN targets, but the .tar.bz file isn’t. There is no key management issue, only a CDN one. The checksum thing it is referring to is a symptom of this just as is the bad signature one.
acidicX commented on 2017-02-14 14:37 (UTC)
> firefox-54.0a1.en-US.linux-x86_64.tar.bz2 ... FAILED (bad signature from public key 1C69C4E55E9905DB)
Why would this be the same issue as the checksum URL problem? Isn't this more of a key management issue?
Archange commented on 2017-02-12 17:03 (UTC)
The source URL is a symptom, the real issue is indeed https://bugzilla.mozilla.org/show_bug.cgi?id=1336732.
di72nn commented on 2017-02-12 16:12 (UTC) (edited on 2017-02-12 16:13 (UTC) by di72nn)
@NoSohoth the PKGBUILD is already updated.
I believe your issue is related to the source URL. Try
https://ftp.mozilla.org/pub/firefox/nightly/latest-mozilla-central/ instead of
https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central/
NoSohoth commented on 2017-02-12 15:44 (UTC) (edited on 2017-02-12 15:58 (UTC) by NoSohoth)
Checksum are finally back, however the .asc and tarball don't match:
==> Verifying source file signatures with gpg...
firefox-54.0a1.en-US.linux-x86_64.tar.bz2 ... FAILED (bad signature from public key 1C69C4E55E9905DB)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build firefox-nightly.
Related to this: https://bugzilla.mozilla.org/show_bug.cgi?id=1305139#c63
This: https://bugzilla.mozilla.org/show_bug.cgi?id=1336732
And this: https://aur.archlinux.org/packages/firefox-dev/#news
For some reason, I get the good .asc when I download it with firefox, but not with wget or makepkg.
xenom commented on 2017-02-11 19:53 (UTC)
Thanks for the updated PKGBUILD.
CHecksum removed in favor of signed tarball.
Pinned Comments
heftig commented on 2022-07-27 22:26 (UTC)
Instead of building this yourself, please use the repository from https://bbs.archlinux.org/viewtopic.php?id=117157.
Not only do you skip the very time-consuming builds, but the published package also has debug symbols at Mozilla's crash reports service, which helps tremendously with finding or filing bugs for any crashes you get.
I consider this the canonical
firefox-nightly
package for Arch Linux.Alternatively, download Firefox Nightly straight from Mozilla, extract it to a writable place (e.g.
~/.local/firefox-nightly
) and let it update itself using the integrated updater.