Package Details: lib32-libmng 2.0.3-1

Git Clone URL: https://aur.archlinux.org/lib32-libmng.git (read-only, click to copy)
Package Base: lib32-libmng
Description: A collection of routines used to create and manipulate MNG format graphics files (32-bit)
Upstream URL: http://www.libmng.com/
Licenses: custom
Submitter: arojas
Maintainer: WoefulDerelict
Last Packager: WoefulDerelict
Votes: 62
Popularity: 0.000016
First Submitted: 2017-02-09 20:37 (UTC)
Last Updated: 2018-03-17 15:12 (UTC)

Pinned Comments

WoefulDerelict commented on 2017-02-18 19:13 (UTC) (edited on 2018-08-18 20:25 (UTC) by WoefulDerelict)

This PKGBUILD verifies the authenticity of the source via PGP signatures which are not part of the Arch Linux keyring. In order to complete the process it is necessary to import the key(s) from the ‘validpgpkeys’ array into the user’s keyring before calling makepkg. There is a helpful article explaining this process by one of Arch Linux's developers located here: http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/

Instructions on importing keys from a keyserver and how to automate the retrieval process can be found in the Arch Linux wiki here: https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver This article also contains helpful information describing the installation of GnuPG, its configuration and usage.

Execute the following to import keys using gpg:

gpg --recv-keys <KEYID - See 'validpgpkeys' array in PKGBUILD>

The PGP signature check can be skipped by passing --skippgpcheck to makepkg.

Consult the makepkg manual page for a full list of options. [https://www.archlinux.org/pacman/makepkg.8.html]

Latest Comments

1 2 3 Next › Last »

sergey.orloff commented on 2019-08-01 16:28 (UTC)

gpg --receive-keys F54984BFA16C640F

Kakashi-sensei commented on 2018-10-06 14:42 (UTC)

OK, so the maintainer believes it's OK. Gotcha.

Kakashi-sensei commented on 2018-10-04 04:03 (UTC) (edited on 2018-10-04 04:05 (UTC) by Kakashi-sensei)

I don't understand. The PGP signatures are expired, but this hasn't been updated. So, we are just supposed to skip the pgp check? I did that using "export MAKEPKG="makepkg --skipinteg"". But, is that really OK?

vita_cell commented on 2018-03-03 07:29 (UTC)

Please, can you reupload this package? I can not open the lib32-libmng.tar.gz file.

WoefulDerelict commented on 2017-09-28 16:59 (UTC)

slackman: Unfortunately SourceForge can be a tad unreliable. This is; however, where the project is hosted and where the package in [Extra] also fetches the source from. At present one encounters no issues when fetching the source and signature from SourceForge.

slackman commented on 2017-09-26 15:45 (UTC)

The http://downloads.sourceforge.net/sourceforge/libmng/libmng-2.0.3.tar.xz file doesn't work anymore! I had to copy it manually from the link bottom. https://ftp.osuosl.org/pub/blfs/conglomeration/libmng/

WoefulDerelict commented on 2017-03-06 16:39 (UTC)

lightdot: With a whole lot of luck this won't need updating till the next release from upstream. Should a re-release be necessary I'll be sure to bump the pkgrel back up so no user is left behind.

lightdot commented on 2017-03-05 17:19 (UTC)

> As there have been no changes relevant > to the output generated by this PKGBUILD > I have rolled the package release back... A reasonable move, IMHO. But please jump from 2.0.3-1 to 2.0.3-4 should a release in the 2.0.3 line be needed in the future. Thanks for picking up the package, btw.

WoefulDerelict commented on 2017-02-18 21:21 (UTC)

quellen: Please use your eyes before flagging packages out of date unnecessarily. There is a pinned post warning you about extra preparation necessary to verify the source via a PGP signature. There is also a URL directing you to a signed binary package in the Arch Linux Archive is figuring out how to build this is too hard.