Oh, I see. Indeed, the 8A74EAAF89C17944 is a subkey buried under https://rpm.librewolf.net/pubkey.gpg That's why I did not se any reference to it. Thank you for the verification. I too confirm key 8A74EAAF89C17944 is valid.
Search Criteria
Package Details: librewolf-bin 1:152.0.6_1-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/librewolf-bin.git (read-only, click to copy) |
|---|---|
| Package Base: | librewolf-bin |
| Description: | Community-maintained fork of Firefox, focused on privacy, security and freedom. |
| Upstream URL: | https://librewolf.net/ |
| Keywords: | browser web |
| Licenses: | MPL-2.0 |
| Conflicts: | librewolf |
| Provides: | librewolf |
| Submitter: | lsf |
| Maintainer: | lsf |
| Last Packager: | lsf |
| Votes: | 644 |
| Popularity: | 19.43 |
| First Submitted: | 2019-06-16 13:12 (UTC) |
| Last Updated: | 2026-07-15 08:05 (UTC) |
Dependencies (39)
- alsa-lib
- at-spi2-core (at-spi2-core-gitAUR)
- bash (bash-gitAUR, bash-devel-gitAUR)
- cairo (cairo-gitAUR)
- dbus (dbus-gitAUR, dbus-selinuxAUR, dbus-nosystemd-gitAUR)
- ffmpeg (ffmpeg-nvcodec-11-1-gitAUR, ffmpeg-ffplayoutAUR, ffmpeg-cudaAUR, ffmpeg-whisper-gitAUR, ffmpeg-gitAUR, ffmpeg-decklinkAUR, ffmpeg-whisperAUR, ffmpeg-cuda-fullAUR, ffmpeg-amd-full-gitAUR, librempeg-gitAUR, ffmpeg-full-llvmAUR, ffmpeg-fullAUR, ffmpeg-full-gitAUR, ffmpeg-libfdk_aacAUR, ffmpeg-amd-fullAUR, ffmpeg-headlessAUR, ffmpeg-obsAUR)
- fontconfig (fontconfig-gitAUR, fontconfig-ubuntuAUR)
- freetype2 (freetype2-qdoled-aw3225qfAUR, freetype2-qdoled-gen3AUR, freetype2-gitAUR, freetype2-macosAUR, freetype2-qdoledAUR, freetype2-woledAUR)
- gcc-libs (gcc-libs-gitAUR, gcc-libs-fast-optimizedAUR, gccrs-libs-gitAUR, gcc-libs-snapshotAUR)
- gdk-pixbuf2 (gdk-pixbuf2-gitAUR, gdk-pixbuf2-noglycinAUR)
- glib2 (glib2-gitAUR, glib2-patched-thumbnailerAUR)
- glibc (glibc-gitAUR, glibc-git-native-pgoAUR, glibc-eacAUR)
- gtk3 (gtk3-no_deadkeys_underlineAUR, gtk3-classicAUR, gtk3-patched-filechooser-icon-viewAUR, gtk3-classic-xfceAUR)
- hicolor-icon-theme (hicolor-icon-theme-gitAUR)
- libpulse (pulseaudio-dummyAUR, libpulse-gitAUR)
- libx11 (libx11-gitAUR)
- libxcb (libxcb-gitAUR)
- libxcomposite
- libxcursor
- libxdamage
- Show 19 more dependencies...
Required by (40)
- edge-frfox (requires librewolf) (optional)
- ff2mpv-go-git (requires librewolf) (optional)
- ff2mpv-rust (requires librewolf) (optional)
- firefox-gnome-theme (requires librewolf) (optional)
- librewolf-autoconfig-prefs (requires librewolf)
- librewolf-comment-out-cfg-hook (requires librewolf)
- librewolf-extension-bitwarden-bin (requires librewolf)
- librewolf-extension-bitwarden-git (requires librewolf) (optional)
- librewolf-extension-dark-background-light-text (requires librewolf)
- librewolf-extension-darkreader (requires librewolf)
- librewolf-extension-darkreader-bin (requires librewolf)
- librewolf-extension-duckduckgo-privacy-essentials (requires librewolf)
- librewolf-extension-foxyproxy (requires librewolf)
- librewolf-extension-gnome-shell-integration (requires librewolf)
- librewolf-extension-greasemonkey (requires librewolf)
- librewolf-extension-kagisearch-bin (requires librewolf)
- librewolf-extension-localcdn-bin (requires librewolf)
- librewolf-extension-plasma-integration (requires librewolf)
- librewolf-extension-plasma-integration-bin (requires librewolf)
- librewolf-extension-protonpass-bin (requires librewolf)
- Show 20 more...
Sources (7)
- default192x192.png
- git+https://codeberg.org/librewolf/source.git#tag=152.0.6-1
- https://codeberg.org/api/packages/librewolf/generic/librewolf/152.0.6-1/librewolf-152.0.6-1-linux-arm64-package.tar.xz
- https://codeberg.org/api/packages/librewolf/generic/librewolf/152.0.6-1/librewolf-152.0.6-1-linux-arm64-package.tar.xz.sig
- https://codeberg.org/api/packages/librewolf/generic/librewolf/152.0.6-1/librewolf-152.0.6-1-linux-x86_64-package.tar.xz
- https://codeberg.org/api/packages/librewolf/generic/librewolf/152.0.6-1/librewolf-152.0.6-1-linux-x86_64-package.tar.xz.sig
- librewolf.desktop
Latest Comments
« First ‹ Previous 1 2 3 4 5 6 7 8 9 10 11 12 .. 29 Next › Last »
sipak commented on 2025-11-03 18:47 (UTC)
ZLima12 commented on 2025-11-03 08:51 (UTC)
Yes, 8A74EAAF89C17944 is a subkey of 662E3CDD6FE329002D0CA5BB40339DD82B12EF16 which does indeed appear to be the authentic key: https://codeberg.org/librewolf/issues/issues/2337
lsf commented on 2025-11-03 08:47 (UTC)
@sipak: 8A74EAAF89C17944 is the signing subkey of the key (662E3CDD6FE329002D0CA5BB40339DD82B12EF16) that's in the PKGBUILD.
The output showing unknown public key 8A74EAAF89C17944 if it's missing is a bit unhelpful/confusing though, understandably.
If you have the key imported, you can check it via gpg --keyid-format long --list-keys 8A74EAAF89C17944, for example, or by looking at the details of the key at https://keyserver.ubuntu.com/pks/lookup?search=8A74EAAF89C17944&fingerprint=on&op=index .
sipak commented on 2025-11-03 08:00 (UTC)
I am not sure that 8A74EAAF89C17944 is a valid key. Anybody can upload keys to ubuntu key server and claim to be somebody else.
I cannot find any reference to this key in any of the official librewolf sites. Example: https://codeberg.org/librewolf/arch
lsf commented on 2025-10-07 07:15 (UTC)
I very much appreciate you coming back and apologizing. (fwiw: my reply, then, was also not as "neutrally phrased" as it maybe should've been) It's understandable, I guess, especially with an issue like this one that I should have spotted myself (usually, I watch/follow Arch upstreams's Firefox PKGBUILD changes; but, well: not always, as should now be obvious).
So: it was indeed useful; thanks :)
lone-cloud commented on 2025-10-06 23:07 (UTC)
Sorry for the heated words. I spent an hour testing and fixing the issue this morning and was not happy. Hope at least the fix was useful.
lsf commented on 2025-10-06 22:40 (UTC)
Maybe, my dearest @lone-cloud, the issue might be somewhat related to the fact that we're currently more or less one-and-a-half people at best maintaining pretty much the whole thing.
That's very much not optimal, true.
More importantly though: your approach to handling a packaging issue you've spotted is pretty much not helping, and would be disheartening, if it weren't for me being stubborn, I guess. (Also, I wouldn't want to leave the only other remaining core maintainer completely alone with the project, so "stepping down" is not an option.)
Way more words than I should've spent on this, so: on with more productive things.
Thanks for bringing this issue to my attention. Huge thanks to @DKMellow on Codeberg for the PR. I'll take care of merging it and updating the PKGBUILDs tomorrow, as soon as I've gotten a few hours of sleep.
spsf64 commented on 2025-10-06 21:53 (UTC) (edited on 2025-10-06 21:54 (UTC) by spsf64)
@lone-cloud instead of complaining and cursing at the maintainer, you could have, politely, asked him/her to become a co-maintainer or suggest a patch/fix...
dpirate commented on 2025-10-03 15:32 (UTC)
In the .desktop file shipped in this package, there's "StartupWMClass=LibreWolf". This is wrong. It should be "StartupWMClass=librewolf". Or else Plank won't recognise LibreWolf's desktop file and you can't keep in dock.
Pinned Comments
lsf commented on 2021-11-10 12:14 (UTC) (edited on 2026-05-07 09:38 (UTC) by lsf)
https://wiki.archlinux.org/title/Arch_User_Repository#Acquire_a_PGP_public_key_if_needed
gpg --keyserver hkp://keyserver.ubuntu.com --search-keys 031F7104E932F7BD7416E7F6D2845E1305D6E801/edit: starting with 112.0-1, the binaries are signed with the maintainers shared key, so
gpg --keyserver hkp://keyserver.ubuntu.com --search-keys 662E3CDD6FE329002D0CA5BB40339DD82B12EF16should do the trick instead. I've also signed the key with the previously used key, so you have at least some guarantee that it's not a malicious attack :)/edit: (2026-05-07): The upstream signing sub-key was rotated, and the
.tar.xztarballs will now be signed with a new subkey. The main key id (0x662E3CDD6FE329002D0CA5BB40339DD82B12EF16) remains unchanged though, so should you get an error during signature verification about a missing (sub)key, all that's required would be to refresh the key(s) viagpg --refresh-keys 662E3CDD6FE329002D0CA5BB40339DD82B12EF16.