Git Clone URL: | https://aur.archlinux.org/keybase.git |
---|---|
Package Base: | keybase |
Description: | CLI tool for GPG with keybase.io |
Upstream URL: | https://keybase.io |
Licenses: | BSD-3-Clause |
Submitter: | alerque |
Maintainer: | alerque |
Last Packager: | alerque |
Votes: | 10 |
Popularity: | 0.48 |
First Submitted: | 2024-04-27 13:34 (UTC) |
Last Updated: | 2024-08-31 14:21 (UTC) |
Found the issue, apparently this happens with ~/.config/go/env containing this:

```
GOPROXY=direct
GOSUMDB=off
```

So at some point that dependency's v0.2.1 got replaced.
I just noticed my installation of this package did not update for a long while now due to this:

```
verifying github.com/butuzov/ireturn@v0.2.1: checksum mismatch
downloaded: h1:QXLHriOCzRI8VN9JPhfDcaaxg3TMFD46n1Pq6Wf5zEw=
go.sum: h1:w5Ks4tnfeFDZskGJ2x1GAkx5gaQV+kdU3NKNr3NEBzY=
SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.
```

Not sure if that's only the case for me, checking atm.
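
An added example, not part of the thread or of the package: a small audit of a Go env file for the settings the two comments above tie to the checksum mismatch, plus related variables that also relax module verification. The function name `audit_go_env` and the sample file are constructed for illustration, and skipping `#` lines is an assumption about the file format.

```shell
#!/usr/bin/env bash
# Added example: flag Go env-file settings that weaken module verification.
# The file holds NAME=VALUE lines; real environment variables override it.

# audit_go_env FILE: print one finding per line; return 1 if any were found.
audit_go_env() {
    local file=$1 line name value why found=0
    [ -r "$file" ] || return 0            # no file: Go's defaults apply
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;          # assumption: skip blanks and # comments
            *=*) ;;
            *) continue ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        case $name in
            GOSUMDB)
                [ "$value" = off ] || continue
                why="checksum database off; only go.sum can catch a changed module" ;;
            GOPROXY)
                [ "$value" = direct ] || continue
                why="fetched from the origin repo, where a version tag can be moved" ;;
            GONOSUMDB|GOPRIVATE)
                [ -n "$value" ] || continue
                why="matching modules are not checked against the checksum database" ;;
            GOINSECURE)
                [ -n "$value" ] || continue
                why="matching modules may be fetched over insecure transport" ;;
            *) continue ;;
        esac
        printf '%s=%s: %s\n' "$name" "$value" "$why"
        found=1
    done < "$file"
    return "$found"
}

# Constructed sample: the two lines quoted in the comment above.
sample=$(mktemp)
printf 'GOPROXY=direct\nGOSUMDB=off\n' > "$sample"
audit_go_env "$sample" || echo "weakened settings found in $sample"
rm -f "$sample"
```
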
@alerque OK. It seems keybase 6.3.1 broke something else (it requires electron version in more places). As soon as I figure out the proper solution I'll send a PR.
@intelfx Would you mind submitting your modifications as a PR to this package repo? I'd like to re-evaluate where this is at and if it builds and works I'd like to get it merged here even if upstream hasn't gotten their act together (probably with a warning about using an unsanctioned Electron version).
Use https://aur.archlinux.org/packages/keybase-bin instead if you want to spare yourself a 30GB git checkout.
I was able to build after applying the patch from @intelfx
Actually electron30 seems to work well enough...
@alerque I patched things up superficially and 6.2.8 seems to run here with electron27; what am I missing?
Pinned Comments
alerque commented on 2024-08-03 09:28 (UTC)
With major thanks to @intelfx for this PR this package is up and running with Electron 31. Pre-built packages are available in my user repository as usual.
I will add a warning that this is not the version of Electron used in official upstream packaging. It is likely to work, but also likely to have edge cases or small behavioral glitches that are different from other builds. Use at your own risk.
I'll also note as a warning to the unaware that Keybase was purchased and taken over by Zoom Inc., and since then the development work quality has notably declined. For those that evaluated Keybase years ago you might do another evaluation of your threat model and what implications that may have for you.