Package Details: innoextract 1.6-1

Git Clone URL: https://aur.archlinux.org/innoextract.git (read-only)
Package Base: innoextract
Description: A tool to extract installers created by Inno Setup
Upstream URL: http://constexpr.org/innoextract/
Keywords: extract tool
Licenses: zlib
Submitter: dscharrer
Maintainer: carstene1ns
Last Packager: carstene1ns
Votes: 67
Popularity: 1.416881
First Submitted: 2012-03-25 01:04
Last Updated: 2016-03-28 21:29

Dependencies (4)

Required by (16)

Sources (2)

Pinned Comments

carstene1ns commented on 2015-08-09 09:53

@ArnaudNux: For security reasons you need to manually download and trust the signature keys by default.
Please read [1] and maybe [2] for further information. You have 3 choices:
1) ignore signatures (bad, insecure)
$ makepkg --skippgpcheck
2) setup gpg correctly to automatically download specified keys:
$ echo "keyserver-options auto-key-retrieve" >> ~/.gnupg/gpg.conf
3) download every key manually:
$ gpg --recv-key <KEYID>

[1]: https://wiki.archlinux.org/index.php/Makepkg#Signature_checking
[2]: http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/

Latest Comments

KaoticEvil commented on 2016-06-27 21:12

FTR, the key ID is D7E1DEC9 (because I couldn't find it on the key server using 28555A66D7E1DEC9). Found it on https://pgp.mit.edu/

carstene1ns commented on 2016-06-16 14:20

> the package doesn't compile without changing the sha256 values for the files and doing makepkg --skippgpcheck because the pgp is out of date.

@hidekin: I have re-downloaded and checked the files, everything is correct.
Please make sure you are not behind some proxy.

hollunder commented on 2016-04-11 08:13

Thanks carstene1ns, it works now.
I have my doubts that this new mechanism actually makes anything more secure.

carstene1ns commented on 2016-04-05 14:41

@hollunder: See my pinned comment and setup your system correctly.

hollunder commented on 2016-04-05 14:35

==> Validating source files with sha256sums...
innoextract-1.6.tar.gz ... Passed
innoextract-1.6.tar.gz.sig ... Skipped
==> Verifying source file signatures with gpg...
innoextract-1.6.tar.gz ... FAILED (unknown public key 28555A66D7E1DEC9)
==> ERROR: One or more PGP signatures could not be verified!

carstene1ns commented on 2016-03-28 21:31

Thanks, @dscharrer and @oaken-source! Updated to 1.6.

dscharrer commented on 2016-03-24 23:52

I just released innoextract 1.6 so the patch should not longer be needed after the package is updated.

oaken-source commented on 2016-03-24 14:13

This package does not build in the current version using the latest cmake-3.5

Can be fixed using a patch from version 1.6 as referenced here:
https://github.com/dscharrer/innoextract/issues/50

I created a patch for the pkgbuild and pastebin'd it:
http://pastebin.com/d9RTgDGh

Tsynique commented on 2015-12-26 17:14

Solution to signature problem: https://bbs.archlinux.org/viewtopic.php?pid=1488714#p1488714

carstene1ns commented on 2015-09-28 08:48

ArnaudNux: Did you read my answer to you from 2015-08-09 09:53?
Even if you deleted your almost identical comment, the answer is still valid.

All comments