Package Details: lib32-libmng 2.0.3-1

Git Clone URL: https://aur.archlinux.org/lib32-libmng.git (read-only)
Package Base: lib32-libmng
Description: A collection of routines used to create and manipulate MNG format graphics files (32-bit)
Upstream URL: http://www.libmng.com/
Licenses: custom
Submitter: arojas
Maintainer: WoefulDerelict
Last Packager: WoefulDerelict
Votes: 44
Popularity: 7.179078
First Submitted: 2017-02-09 20:37
Last Updated: 2017-02-18 19:11

Pinned Comments

WoefulDerelict commented on 2017-02-18 19:13

This PKGBUILD verifies the authenticity of the source via PGP signatures which are not part of the Arch Linux keyring. In order to complete the process it is necessary to import the key(s) from the ‘validpgpkeys’ array into the user’s keyring before calling makepkg. There is a helpful article explaining this process by one of Arch Linux's developer's located here: http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/

Instructions on importing keys from a keyserver and how to automate the retrieval process can be found in the Arch Linux wiki here: https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver
This article also contains helpful information describing the installation of GnuPG, its configuration and usage.

Execute the following to import keys using gpg:
gpg --recv-keys <KEYID - See 'validpgpkeys' array in PKGBUILD>

Latest Comments

WoefulDerelict commented on 2017-09-28 16:59

slackman: Unfortunately SourceForge can be a tad unreliable. This is; however, where the project is hosted and where the package in [Extra] also fetches the source from. At present one encounters no issues when fetching the source and signature from SourceForge.

slackman commented on 2017-09-26 15:45

The http://downloads.sourceforge.net/sourceforge/libmng/libmng-2.0.3.tar.xz file doesn't work anymore! I had to copy it manually from the link bottom.

https://ftp.osuosl.org/pub/blfs/conglomeration/libmng/

WoefulDerelict commented on 2017-03-06 16:39

lightdot: With a whole lot of luck this won't need updating till the next release from upstream. Should a re-release be necessary I'll be sure to bump the pkgrel back up so no user is left behind.

lightdot commented on 2017-03-05 17:19

> As there have been no changes relevant
> to the output generated by this PKGBUILD
> I have rolled the package release back...

A reasonable move, IMHO. But please jump from 2.0.3-1 to 2.0.3-4 should a release in the 2.0.3 line be needed in the future.

Thanks for picking up the package, btw.

WoefulDerelict commented on 2017-02-18 21:21

quellen: Please use your eyes before flagging packages out of date unnecessarily. There is a pinned post warning you about extra preparation necessary to verify the source via a PGP signature. There is also a URL directing you to a signed binary package in the Arch Linux Archive is figuring out how to build this is too hard.

WoefulDerelict commented on 2017-02-18 19:19

As there have been no changes relevant to the output generated by this PKGBUILD I have rolled the package release back to the same one given to the last release before this was dropped from [Multilib] to prevent more unnecessary updates and rebuilds. There is presently a signed binary package for this in the Arch Linux Archive here: https://archive.archlinux.org/packages/l/lib32-libmng/

WoefulDerelict commented on 2017-02-18 19:13

This PKGBUILD verifies the authenticity of the source via PGP signatures which are not part of the Arch Linux keyring. In order to complete the process it is necessary to import the key(s) from the ‘validpgpkeys’ array into the user’s keyring before calling makepkg. There is a helpful article explaining this process by one of Arch Linux's developer's located here: http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/

Instructions on importing keys from a keyserver and how to automate the retrieval process can be found in the Arch Linux wiki here: https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver
This article also contains helpful information describing the installation of GnuPG, its configuration and usage.

Execute the following to import keys using gpg:
gpg --recv-keys <KEYID - See 'validpgpkeys' array in PKGBUILD>

lisu_ml commented on 2017-02-18 14:29

Sorry, but I have no time to take care of the package anymore.

WoefulDerelict commented on 2017-02-17 13:07

punk0x29a: It appears that gpg is having some issues finding or connecting to the keyserver. Find out why gpg isn't connecting. The community for #archlinux on FreeNode can likely fill in when the documentation is lacking. There are a number of channels offering support in different languages.

While the package release has been iterated a few times since lib32-libmng was dropped from [Multilib] the changes have been trivial and have absolutely no effect on the output. There is still a perfectly valid, recent, signed package for this available in the Arch Linux Archive one can use and no reason to rebuild it. https://archive.archlinux.org/packages/l/lib32-libmng/

lisu_ml: There is an example of the pin I use for PKGBUILDs with signed sources on libc++ here: https://aur.archlinux.org/pkgbase/libc%2B%2B/

Feel free to adapt it and use it as you see fit. I tried to keep it brief as I didn't want it burying everything else beneath a wall of text.

lisu_ml commented on 2017-02-17 10:32

@punk0x29a: Have you tried again by any chance? Also if it still doesn't work, could you please run the command with '-v' switch:

$ gpg -v --recv-keys F54984BFA16C640F

and paste the output here?

All comments