Arch Linux User Repository

This currently fails to build because it ultimately downloads a "foobar2000_v1.6.9.exe" file where "foobar2000_v1.6.8.exe" is expected:

==> Validating source files with sha256sums...
    foobar2000_v1.6.8.exe ... NOT FOUND
    LICENSE ... Passed
    foobar2000.sh ... Passed
    foobar2000.png ... Passed
    foobar2000.desktop ... Passed
==> ERROR: One or more files did not pass the validity check!

I've found that with wine 6.21 or 6.22 that foobar2000 fails to start: 6.21 0270:err:module:ntdll_init_syscalls syscall count mismatch 0 / 79 6.22 0238:err:module:ntdll_init_syscalls syscall count mismatch 0 / 96

If I rollback Wine to 6.17, it starts fine. I tried with a fresh wineprefix and the behavior was the same.

Has anyone encountered similar?

wget doesn't work directly on the /getfile/ URLs, it just retrieves a redirect page that usually contains a server side generated random ad for one of Spoon's many software products that Peter links to, because he also works for Spoon, who is indirectly sponsoring the development. The actual link is included in the page, which is the same filename on the /files/ path. The makepkg system follows the redirect just fine, somehow. Or maybe it doesn't.

@BachoSeven generally this means something sketchy is happening. I'd suggest try uploading these files to VirusTotal, also check what certificate is presented in browser when you visit foobar2000.org.

@magicgoose I just did this:

Applied only edits 1: and 3: of your last comment (so the old url which doesn't specify which specific binary to get), and then built the package and I get the following sha256sum:

3aaa3b8d464710a26df89f8a32bbb8e5f5db1a830e1900a2f4a98b2ef66ccd66  foobar2000_v1.6.8.exe

As far as I can tell, wget said it was using HTTPS successfully

And as I mentioned earlier, if I delete the .exe and makepkg -s again, I get different sum:

895af8d018c7ec224db65ae25c2e4e03f76d8dc3eae973b309abd72a7f5d1d13  foobar2000_v1.6.8.exe

I just downloaded it 3 times and got 3 different sha-256 sums... what's going on

That's odd. I couldn't reproduce that from my connection. Was it without HTTPS errors all 3 times? What was the URL? Can you post these sums? (that way, later there's a chance people can compare if it matches any known malware, etc)
Any chance that these were incomplete downloads?

could you paste the updated PKGBUILD?

That would be too big for a comment. But there are just 3 edits:
1: Line 4, the one starting with pkgver= -- change to pkgver=1.6.8
2: Line 12, the one starting with source= -- change to source=("foobar2000_v$pkgver.exe::https://www.foobar2000.org/getfile/foobar2000_v$pkgver.exe"
3: Line 18, the one starting with sha256sums= -- change to sha256sums=('679ecdb3304e2fcefb7b5e087fba527e3a5921fcdbc24b4093bee05ab0fec7a0'

After that, it successfully built and installed for me.
(The only remaining issue is with missing wineprefix folder, I created it manually but didn't fix it in PKGBUILD. I don't have permissions to contribute anyway. But if author invited me, that would be cool btw. I did ask some time ago, but didn't get a response sadly.)

could you paste the updated PKGBUILD?

@magicgoose I just downloaded it 3 times and got 3 different sha-256 sums... what's going on

SHA-256 of the latest release (1.6.8) that I downloaded just now: 679ecdb3304e2fcefb7b5e087fba527e3a5921fcdbc24b4093bee05ab0fec7a0

Would it be cool (legally, etc) to change the source to the versioned URL? I just checked and it works just fine:

"foobar2000_v$pkgver.exe::https://www.foobar2000.org/getfile/foobar2000_v$pkgver.exe"