Found the issue, apparently this happens with ~/.config/go/env containing this:
GOPROXY=direct
GOSUMDB=off
So at some point that dependency's v0.2.1 got replaced.
Search Criteria
Package Details: keybase 6.4.0-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/keybase.git (read-only, click to copy) |
|---|---|
| Package Base: | keybase |
| Description: | CLI tool for GPG with keybase.io |
| Upstream URL: | https://keybase.io |
| Licenses: | BSD-3-Clause |
| Submitter: | alerque |
| Maintainer: | alerque |
| Last Packager: | alerque |
| Votes: | 11 |
| Popularity: | 1.30 |
| First Submitted: | 2024-04-27 13:34 (UTC) |
| Last Updated: | 2024-08-31 14:21 (UTC) |
Dependencies (7)
- gnupg (gnupg-gitAUR, gnupg-largekeysAUR)
- git (git-gitAUR, git-glAUR) (make)
- go (go-gitAUR, gcc-go-gitAUR, gcc-go-snapshotAUR, gcc-go) (make)
- jq (jq-gitAUR, jaq-binAUR) (make)
- moreutils (moreutils-go-binAUR) (make)
- yarn (yarn-pnpm-corepackAUR, corepackerAUR, yarn-berryAUR) (make)
- kbfsAUR (keybase-gitAUR, keybase-binAUR) (optional) – for the fuse-based fileystem and the encryption subcommand
Required by (4)
Sources (4)
icedream commented on 2025-03-20 15:31 (UTC)
icedream commented on 2025-03-20 15:26 (UTC) (edited on 2025-03-20 15:26 (UTC) by icedream)
I just noticed my installation of this package did not update for a long while now due to this:
verifying github.com/butuzov/ireturn@v0.2.1: checksum mismatch
downloaded: h1:QXLHriOCzRI8VN9JPhfDcaaxg3TMFD46n1Pq6Wf5zEw=
go.sum: h1:w5Ks4tnfeFDZskGJ2x1GAkx5gaQV+kdU3NKNr3NEBzY=
SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
Not sure if that's only the case for me, checking atm.
alerque commented on 2024-08-03 09:28 (UTC)
With major thanks to @intelfx for this PR this package is up and running with Electron 31. Pre-built packages are available in my user repository as usual.
I will add a warning that this is not the version of Electron used in official upstream packaging. It is likely to work, but also likely to have edge cases or small behavioral glitches that are different from other builds. Use at your own risk.
I'll also note as a warning to the unaware that Keybase was purchased and taken over by Zoom Inc., and since then the development work quality has notably declined. For those that evaluated Keybase years ago you might do another evaluation of your threat model and what implications that may have for you.
intelfx commented on 2024-08-01 21:21 (UTC)
@alerque OK. It seems keybase 6.3.1 broke something else (it requires electron version in more places), as soon as I figure out the proper solution I'll send a PR.
alerque commented on 2024-07-30 08:16 (UTC)
@intelfx Would you mind submitting your modifications as a PR to this package repo. I'd like to re-evaluate where this is at and if it builds and works I'd like to get it merged here even if upstream hasn't gotten their act together (probably with a warning about using an unsanctioned Electron version).
DarwinsBuddy commented on 2024-06-01 10:05 (UTC)
use https://aur.archlinux.org/packages/keybase-bin instead if you want to spare yourself a 30GB git checkout
Rudi9719 commented on 2024-05-25 16:10 (UTC)
I was able to build after applying the patch from @intelfx
intelfx commented on 2024-05-21 19:16 (UTC)
Actually electron30 seems to work well enough...
intelfx commented on 2024-05-21 10:59 (UTC)
@alerque I patched things up superficially and 6.2.8 seems to run here with electron27; what am I missing?
Pinned Comments
alerque commented on 2024-08-03 09:28 (UTC)
With major thanks to @intelfx for this PR this package is up and running with Electron 31. Pre-built packages are available in my user repository as usual.
I will add a warning that this is not the version of Electron used in official upstream packaging. It is likely to work, but also likely to have edge cases or small behavioral glitches that are different from other builds. Use at your own risk.
I'll also note as a warning to the unaware that Keybase was purchased and taken over by Zoom Inc., and since then the development work quality has notably declined. For those that evaluated Keybase years ago you might do another evaluation of your threat model and what implications that may have for you.