Package Details: firefox-nightly 129.0a1+20240618.1+h5dabfab7d5a5-1

Git Clone URL: https://aur.archlinux.org/firefox-nightly.git (read-only, click to copy)
Package Base: firefox-nightly
Description: Fast, Private & Safe Web Browser (Nightly version)
Upstream URL: https://www.mozilla.org/firefox/channel/desktop/#nightly
Keywords: browser gecko web
Licenses: MPL-2.0
Submitter: None
Maintainer: heftig
Last Packager: heftig
Votes: 609
Popularity: 0.27
First Submitted: 2008-09-10 14:23 (UTC)
Last Updated: 2024-06-18 10:52 (UTC)

Dependencies (57)

Required by (0)

Sources (5)

Pinned Comments

heftig commented on 2022-07-27 22:26 (UTC)

Instead of building this yourself, please use the repository from https://bbs.archlinux.org/viewtopic.php?id=117157.

Not only do you skip the very time-consuming builds, but the published package also has debug symbols at Mozilla's crash reports service, which helps tremendously with finding or filing bugs for any crashes you get.

I consider this the canonical firefox-nightly package for Arch Linux.

[heftig]
SigLevel = Optional
Server = https://pkgbuild.com/~heftig/repo/$arch

Alternatively, download Firefox Nightly straight from Mozilla, extract it to a writable place (e.g. ~/.local/firefox-nightly) and let it update itself using the integrated updater.

Latest Comments

« First ‹ Previous 1 .. 24 25 26 27 28 29 30 31 32 33 34 .. 56 Next › Last »

di72nn commented on 2016-11-05 06:56 (UTC)

@leitecarvalho you don't need to explicitly trust the key, makepkg handles it for you. An excerpt from wiki (https://wiki.archlinux.org/index.php/PKGBUILD): validpgpkeys An array of PGP fingerprints. If used, makepkg will only accept signatures from the keys listed here and will ignore the trust values from the keyring. I'm not sure about your trustdb issues. My personal preference is to have a separate GNUPGHOME for makepkg and export it for package building.

pcarvalho commented on 2016-11-05 01:26 (UTC)

i had to follow the instruction on the link you provided: $ gpg --keyserver pgp.mit.edu --recv-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353 $ gpg --lsign 14F26682D0916CDD81E37B6D61B7B526D98F0353 ( I also had to rebuild trustdb.gpg after the first run of gpg --lsign. gpg: lookup_hashtable failed: Unknown system error gpg: trustdb: searching trust record failed: Unknown system error gpg: Error: The trustdb is corrupted. gpg: You may try to re-create the trustdb using the commands: gpg: cd ~/.gnupg gpg: gpg --export-ownertrust > otrust.tmp gpg: rm trustdb.gpg gpg: gpg --import-ownertrust < otrust.tmp gpg: If that does not work, please consult the manual After this, i ran the both commands again, and this error was gone: ==> Verifying source file signatures with gpg... firefox-52.0a1.en-US.linux-x86_64.checksums ... FAILED ==> ERROR: One or more PGP signatures could not be verified! ==> ERROR: Makepkg was unable to build firefox-nightly

michabuntu commented on 2016-06-09 16:51 (UTC)

yeah, that worked thanks

blitz commented on 2016-06-07 15:29 (UTC)

Upstream URL: http://www.mozilla.org/projects/firefox 404 Page not found Whoops! Did you make a left at that last URL instead of a right?

di72nn commented on 2016-06-07 14:29 (UTC)

@michabuntu > Found firefox-49.0a1.en-US.linux-x86_64.tar.bz2 > Found firefox-49.0a1.en-US.linux-x86_64.txt > Found firefox-49.0a1.en-US.linux-x86_64.checksums > Found firefox-49.0a1.en-US.linux-x86_64.checksums.asc and > 49.0a1.20160501-1 suggest that you have outdated sources (probably dated as `20160501` -_- ). Try: rm firefox-49.0a1.en-US.linux-* && makepkg

michabuntu commented on 2016-06-07 13:34 (UTC) (edited on 2016-06-07 13:43 (UTC) by michabuntu)

==> Making package: firefox-nightly 49.0a1.20160604-2 (Tue Jun 7 15:33:21 CEST 2016) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Found firefox-nightly.desktop -> Found firefox-nightly-safe.desktop -> Found vendor.js -> Found firefox-49.0a1.en-US.linux-x86_64.tar.bz2 -> Found firefox-49.0a1.en-US.linux-x86_64.txt -> Found firefox-49.0a1.en-US.linux-x86_64.checksums -> Found firefox-49.0a1.en-US.linux-x86_64.checksums.asc ==> Validating source files with sha512sums... firefox-nightly.desktop ... Passed firefox-nightly-safe.desktop ... Passed vendor.js ... Passed firefox-49.0a1.en-US.linux-x86_64.tar.bz2 ... Skipped firefox-49.0a1.en-US.linux-x86_64.txt ... Skipped firefox-49.0a1.en-US.linux-x86_64.checksums ... Skipped firefox-49.0a1.en-US.linux-x86_64.checksums.asc ... Skipped ==> Verifying source file signatures with gpg... firefox-49.0a1.en-US.linux-x86_64.checksums ... Passed ==> Extracting sources... -> Extracting firefox-49.0a1.en-US.linux-x86_64.tar.bz2 with bsdtar ==> Starting prepare()... ==> Verifying checksums... firefox-49.0a1.en-US.linux-x86_64.tar.bz2: FAILED firefox-49.0a1.en-US.linux-x86_64.txt: FAILED sha512sum: WARNING: 2 computed checksums did NOT match ==> ERROR: A failure occurred in prepare(). Aborting... The build failed. So, the first check from makepkg is okay and the new extra build in one, now fails? And it is not upgrading but downgrading from 49.0a1.20160502-1 to 49.0a1.20160501-1

di72nn commented on 2016-06-05 03:53 (UTC)

@parkerlreed, https://gpg.mozilla.org/pks/lookup?op=get&search=0x61B7B526D98F0353 https://pgp.mit.edu/pks/lookup?op=get&search=0x61B7B526D98F0353 https://ftp.mozilla.org/pub/firefox/releases/45.1.1esr/KEY and a blog post: http://hearsum.ca/blog/mozilla-software-release-gpg-key-transition.html 1C69C4E55E9905DB is a subkey, you don't need to import it explicitly. I also included a comment in the proposed PKGBUILD: gpg --keyserver pgp.mit.edu --recv-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353 but you should verify it yourself.

parkerlreed commented on 2016-06-04 22:23 (UTC)

If we do want to use gpg verification, what keyserver is it on? ==> Validating source files with sha512sums... firefox-nightly.desktop ... Passed firefox-nightly-safe.desktop ... Passed vendor.js ... Passed firefox-49.0a1.en-US.linux-x86_64.tar.bz2 ... Skipped firefox-49.0a1.en-US.linux-x86_64.txt ... Skipped firefox-49.0a1.en-US.linux-x86_64.checksums ... Skipped firefox-49.0a1.en-US.linux-x86_64.checksums.asc ... Skipped ==> Verifying source file signatures with gpg... firefox-49.0a1.en-US.linux-x86_64.checksums ... FAILED (unknown public key 1C69C4E55E9905DB) ==> ERROR: One or more PGP signatures could not be verified!

xenom commented on 2016-05-29 08:59 (UTC)

Thanks for the suggestions. I will look at it in details soon.

di72nn commented on 2016-05-26 20:51 (UTC) (edited on 2016-05-26 20:55 (UTC) by di72nn)

Hello xenom. I propose some changes: https://gist.github.com/di72nn/40b64a133679bf424444a00fe14d8301 * Use GPG-verificataion by default (currently: if we download checksums from the same source as binaries, we can't guarantee any security). * Get build date from "${_file}-${CARCH}.txt" (the date format does not change). * Make use of $CARCH variable to get rid of duplicated code. Getting GPG and checksums verification is a bit tricky: in this case the checksums file contains a bunch of different checksums so we probably can't tell makepkg to use it. Hence, I use makepkg to verify GPG signature, then manually verify files by that GPG-verified checksums file (er, by "manually" I mean: with PKGBUILD code, not with makepkg functionality). (I'm aware that PKGBUILD already contains commented out part that allows to verify checksums file, but that checksums file is not really used to check anything since sha512sums array is populated with another curl request). Oh, and if somebody for some weird reason does not want to use GPG-verification, it can be easily skipped with --skippgpcheck.

« First ‹ Previous 1 .. 24 25 26 27 28 29 30 31 32 33 34 .. 56 Next › Last »