Package Details: jalview 2.10.3-4

Git Clone URL: https://aur.archlinux.org/jalview.git (read-only)
Package Base: jalview
Description: Bioinformatics Multiple Alignment Editor
Upstream URL: http://www.jalview.org/
Licenses: GPL3
Submitter: semi
Maintainer: semi (sebstar)
Last Packager: sebstar
Votes: 11
Popularity: 1.134425
First Submitted: 2011-09-01 15:08
Last Updated: 2018-05-05 16:34

Required by (0)

Sources (53)

Latest Comments

iosonofabio commented on 2018-05-31 22:02

outdated sha256sums:

jalview.jar: a7d39e0635db898ab1526e667bf0d0b8f6b90ce6267cfe3c8e4015fdfaed7947

jalview_jnlp_vm.jar: d20da415c23252ce1df138ec1becfd7b4f3b3c8770c1c1040e870867fcd9a4a8

sebstar commented on 2018-05-05 16:35

thanks for the script! I bumped the package to pkgrel 4. Oddly, I had to remove the leading ../ in front of the source files for the install commands.

squirrel42 commented on 2018-01-26 22:09

All of the .jar files currently fail the validity check for me.

semi commented on 2018-01-07 14:53

Updated to 2.10.3 - Sorry for the long delay.

@sebstar Agreed about your security concerns. There is now a python script included in the repo that will inspect the JNLP file, download the JARs, compute checksums and update the PKGBUILD with the new checksums and URLs. I've also switched to a less bruteforceable SHA256.

Rhinoceros commented on 2018-01-07 11:39

Bump. If there's no response, I'll file an orphan request and fix it myself.

Rhinoceros commented on 2017-10-26 01:15

jalview.jnlp is failing the checksum for me. Is anyone else having this problem? I tried downloading it several times.

sebstar commented on 2017-05-13 12:04

@semi, thank you. There's a couple more problems that we should address:
1) We don't use https. Well, we can't at the moment, because jalview.org has an invalid certificate for their domain. I wrote them to please fix their certificate. Hosting jars over http is ridiculously dangerous in today's environment.
2) Ditch md5 and generate SHA256 and SHA512 checksums.
3) Instead of dynamically generating the list of jars to download with xmlstarlet, actually put this list in the source array. Makes the package more secure, as all jars' checksums would be included.

semi commented on 2017-05-13 10:39

@sebstar, I've added you as a Co-maintainer if you are interested

semi commented on 2017-05-13 10:38

Finally updated with thanks to @sebstar

eNauz commented on 2017-04-21 07:00

@sebstar
Thank you, this worked like a charm!

All comments