Package Details: lastpass

Git Clone URL: (read-only)
Package Base: lastpass
Description: The Universal LastPass installer for Firefox, Chrome, and Opera
Upstream URL:
Licenses: custom
Submitter: Det
Maintainer: eschwartz
Last Packager: eschwartz
Votes: 90
Popularity: 0.060995
First Submitted: 2013-06-02 17:50
Last Updated: 2019-06-12 04:17

Pinned Comments

eschwartz commented on 2019-04-03 17:17

No, it really isn't bad practice. It is bad practice to fail hard because you have a tightly interwoven dependency on makepkg internals (and the format that is absolutely, positively, guaranteedly documented, since I wrote the documentation). Given I have actually discussed this with one of the lead developers of yay, and my advice to not be vulnerable to breaking for any reason, was accepted, I consider myself justified in adding this.

I did not break yay. I discovered that yay was already broken. I also guaranteed that yay-git now supports upcoming versions of pacman.

Furthermore, the official policy of the AUR is that if an AUR helper does not work, you should use makepkg directly, and if makepkg itself does work, then the problem is automatically with the AUR helper and only the AUR helper.

I am not changing this, and it is not open for debate.

eschwartz commented on 2019-03-31 21:05

I am indeed running an unreleased version of pacman/makepkg, and I'm also the one who added b2sums to pacman in git master (and the pacman-git package I maintain). :p

It's not a problem for old versions of makepkg, as old versions will ignore b2sums and rely exclusively on sha256sums (all you need is at least one valid algorithm) -- you won't get the advantage of collision resistance with multiple algorithms including an SHA-3 contender, but SHA-2 is still pretty good even without using two algorithms for redundancy.

Added: Whether an AUR helper (that I do not test) can correctly handle this does not bother me, since makepkg (the gold standard which I use to test) handles it just fine.

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 ... Next › Last »

becatlibra commented on 2018-07-13 12:51

Currently getting a 404. It appears that 4.15.07 is no longer available

zman0900 commented on 2017-12-19 04:45

Binary component doesn't appear to be working with firefox. I tried deleting ~/.mozilla/firefox/<profile>/extensions/ just to be sure I am using the package provided extension, but the options to copy username or password are still missing. </profile>

In a windows VM using the same versions of firefox and the lastpass extension, installed with the lastpass provided universal installer, the copy options are there, so it seems like this should be working.

eschwartz commented on 2017-10-20 16:05

Oh, uh, whoops.

[eschwartz@arch ~/git/pkgbuilds/lastpass]$ /usr/bin/diff -ur src/lastpass-4.2.0a pkg/lastpass/usr/lib/firefox/browser/extensions/
Binary files src/lastpass-4.2.0a/data/ and pkg/lastpass/usr/lib/firefox/browser/extensions/ differ

So why did this all of a sudden start getting modified during tidy_strip? And I never noticed it when updating this, because my Firefox build has extension signing verification disabled.

Try it now.

jskier commented on 2017-10-20 14:58

This version 4.2.0a-1 appears to have an unverified Firefox extension with it. I put in a support ticket and will follow up if necessary.

eschwartz commented on 2017-08-13 03:20

Whoops, I seem to have forgotten to add that when I switched the packaging logic to what I use in my other Firefox extensions. Fixed now.

nocturnus commented on 2017-08-13 03:09

'unzip' from the Extra Repository should be a dependency of the package, otherwise it will fail to build, due to unzip command usage.

eschwartz commented on 2017-07-17 23:44

I doubt it...

the pkgver is not actually used in the download urls at all, so changing the pkgver and the _chromever accomplishes nothing other than giving the source files a unique local name. So your suggestion is a no-op.
If the files were updated on the Lastpass server, then it would redownload the same *unversioned* URLs under an updated local name, and update the checksums if relevant... but that is a no-op at the moment as well.

Additionally, the chrome browser extension is downloaded and updated by Chrome itself, since Chrome doesn't do locally-installed global extensions like Firefox does -- all that this package does is install a policy file telling Chrome to install lastpass on its own.

The native messaging binary is installed, as per the official Lastpass universal installer, from their universal installer tarball (and the webstore doesn't contain at all). The opera plugin is installed, again as per the official installer script, from the unversioned CRX hosted on their website, which does have a and is also behind the Chrome webstore version -- I have no idea why.
(But then again, the release notes say the latest Chrome webstore version is 4.1.55 and the latest Firefox version is 4.1.53 and apparently neither are true.)

I have just double-checked and none of the (unversioned) source files have been updated, so this package should still be valid. If there was an update, then either the checksums would fail, or I would change the _amo_file ID in order to download the new version of the Firefox extension.
(I have a convenience script for the Firefox extension, see ./


So given that nothing which you described should have fixed anything, I am not sure what the problem is or how you expect me to fix it.
Maybe restarting Chrome caused it to fix itself?

bsdfirst commented on 2017-07-17 23:13

Firstly thanks!

Secondly, the package doesn't work against the current (4.1.60) version of the Chrome extension. It is just silently ignored. I made the following changes:


And then ran `updpkgsums`. The package built cleanly and is now detected properly by the Chrome browser extension.

(For those playing at home, this can be checked under Lastpass [icon] -> More Options -> About Lastpass.)

Det commented on 2017-06-06 14:28

"massive cleanup of pretty much every possible bad practice a maintainer can do. :("

Awww. :-D

toniopelo commented on 2017-05-13 09:29

lpchrome_linux_4.1.51 fail the md5sums check.
Unable to build the package.