Package Details: guitarix-git 0.36.1.r16.g51ba3d2b-1

Git Clone URL: https://aur.archlinux.org/guitarix-git.git (read-only)
Package Base: guitarix-git
Description: A virtual guitar amplifier for Linux
Upstream URL: http://guitarix.sourceforge.net
Keywords: Amplifier Audio Guitar LV2 Simulation Tube
Licenses: GPL
Conflicts: guitarix, guitarix2, gx_head
Provides: guitarix, guitarix2, gx_head
Submitter: None
Maintainer: Gimmeapill
Last Packager: Gimmeapill
Votes: 10
Popularity: 0.000010
First Submitted: 2012-04-13 09:51
Last Updated: 2018-01-25 20:11

Pinned Comments

Gimmeapill commented on 2017-12-03 20:10

This package will automatically retrieve and build the latest development snapshot of Guitarix from git.

It does not need to be updated on every release, so please do not flag out of date unless the build itself breaks or in case of an actual packaging issue.

If you are looking for the latest official release instead, see https://www.archlinux.org/packages/community/x86_64/guitarix2/

Latest Comments

Gimmeapill commented on 2018-01-26 09:06

Builds flags have been updated following upstream changes (see wscript in the src dir.). Noticeable Changes:

  • Mod UI is not build anymore.

  • Package is now way smaller (from ~80MB to ~40MB), probably because of the above.

  • Legacy ladspa plugins are not built anymore (they are unmaintained and will be removed soon).

  • New ladspa plugins are still built, although they are probably going to be deprecated as well (please let upstream know if you use them).

  • Ttf-roboto is now an external dependency since there is an official package.

  • Compiler optimizations should stay the same

Gimmeapill commented on 2018-01-23 12:19

@SpotlightKid: Nah, you're right, I don't remember how it ended up here (possibly a copy paste from the namcap output). Thanks for letting me know ;-)

SpotlightKid commented on 2018-01-23 12:02

Shouldn't 'git' be in makedepends instead of depends? Or is it really needed at run-time?

Gimmeapill commented on 2017-12-03 20:10

This package will automatically retrieve and build the latest development snapshot of Guitarix from git.

It does not need to be updated on every release, so please do not flag out of date unless the build itself breaks or in case of an actual packaging issue.

If you are looking for the latest official release instead, see https://www.archlinux.org/packages/community/x86_64/guitarix2/

Gimmeapill commented on 2017-07-21 09:31

Gents, it looks like there's some trouble ahead, possibly related to an ffmpeg or gcc update: https://linuxmusicians.com/viewtopic.php?f=24&t=17329&p=83295#p83295

In case you notice unexpected sound changes with the latest builds, edit the pkgbuild and replace "--convolver-ffmpeg" with "--includeconvolver" (to bypass the Arch ffmpeg package). The AUR pkgbuild might be updated accordingly once we know more.

Gimmeapill commented on 2017-07-10 17:43

@SpotlightKid: Thanks for the heads up, I'll update shortly.

SpotlightKid commented on 2017-07-10 16:12

I seems the '--no-webkit' waf configure flag has been removed again already.

Gimmeapill commented on 2017-07-02 20:00

Hi Ralf, thanks for following up upstream, I was away for a few days.
The pkgbuild is now updated to explictly disable webkit with the "--no-webkit" flag even if webkitgtk2 is found on the system.
This should clear security concerns.
Not being able to download online presets from within guitarix is indeed an acceptable tradeoff until Hermann decides on a long term fix.

BR,

LX

Ralf_Mardorf commented on 2017-07-01 19:28

Upstream added a "--no-webkit" configuration flag. If you should insist in a hared dependency against webkitgtk2, at least consider to add a commented out "--no-webkit" option.

Unfortunately making it an optional dependency, still would require to make it a build dependency ;).

Uncommenting the webkit flag still would require to remove it manually from the dependency list, but the commented out option at least would call attention.

Ralf_Mardorf commented on 2017-07-01 18:42

Update:

[rocketmouse@archlinux ~]$ sudo pacman -Rss gambas3-gb-qt4-webkit qtwebkit webkitgtk webkitgtk2 typhoon wxsvg dvdstyler xombrero
[sudo] password for rocketmouse:
checking dependencies...

Packages (10) ffmpeg0.10-0.10.16-3 xmlto-0.0.28-1 dvdstyler-3.0.3-1 gambas3-gb-qt4-webkit-3.9.2-1
qtwebkit-2.3.4-5 typhoon-0.8.94-2 webkitgtk-2.4.11-6 webkitgtk2-2.4.11-6 wxsvg-1.5.11-1
xombrero-1.6.4-5
[snip]
[rocketmouse@archlinux ~]$ cd /tmp/
[rocketmouse@archlinux tmp]$ cd /tmp/guitarix2/trunk/
[rocketmouse@archlinux trunk]$ makepkg -s
[snip]
Checking for webkit-1.0 : not found
[snip]

The configuration finished successfully and it started to build, but I manually interrupted it.

IMO it's no option to continue using vulnerably software and upstream is willing to fix the issue:

"[snip] the situation leads me to think about removing the internal browser and use the default browser on the host system instead [snip]" - https://sourceforge.net/p/guitarix/bugs/39/

FWIW I filed a deletion request against https://aur.archlinux.org/packages/webkitgtk2/ :

Ralf_Mardorf [1] filed a deletion request for webkitgtk [2]:

This software is a serious security risk. If necessary ask upstream to
fix hard dependencies to this software.

[1] https://aur.archlinux.org/account/Ralf_Mardorf/
[2] https://aur.archlinux.org/pkgbase/webkitgtk/

Regards,
Ralf

All comments