Package Details: linux-firmware-mellanox-git 20240312.3b128b60-1

Git Clone URL: https://aur.archlinux.org/linux-firmware-git.git (read-only, click to copy)
Package Base: linux-firmware-git
Description: Firmware files for Linux - mellanox / Firmware for Mellanox Spectrum switches
Upstream URL: https://gitlab.com/kernel-firmware/linux-firmware
Licenses: GPL2, custom, GPL3
Conflicts: linux-firmware, linux-firmware-mellanox
Provides: linux-firmware-mellanox
Submitter: xduugu
Maintainer: MRWITEK
Last Packager: MRWITEK
Votes: 75
Popularity: 0.029465
First Submitted: 2010-05-19 22:50 (UTC)
Last Updated: 2024-03-15 11:25 (UTC)

Required by (1)

Sources (1)

Pinned Comments

MRWITEK commented on 2023-12-20 12:42 (UTC)

Upstream doesn't sign most commits anymore, so GPG signature check is disabled. They still sign every tag. Packages in the official repos package tags. You can check signatures with the following commands:

$ git log --format=raw --show-signature main
$ git tag -v $(git tag)

gbin commented on 2022-03-02 17:58 (UTC) (edited on 2022-03-02 18:07 (UTC) by gbin)

edit: found my problem the key server it could be useful for other people.

The default port is an high port and your ISP might filter it out!

use :80 in the ubuntu one and it should work:

pal ➜  ~  gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4CDE8575E547BF835FE15807A31B6BD72486CFD6
gpg: key A31B6BD72486CFD6: public key "Josh Boyer <jwboyer@fedoraproject.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1

MRWITEK commented on 2020-04-08 14:47 (UTC) (edited on 2022-12-15 12:15 (UTC) by MRWITEK)

https://wiki.archlinux.org/title/Arch_User_Repository#ERROR%3A_One_or_more_PGP_signatures_could_not_be_verified%21%3B_what_should_I_do%3F

https://wiki.archlinux.org/title/PKGBUILD#validpgpkeys

https://wiki.archlinux.org/title/Makepkg#Signature_checking

https://wiki.archlinux.org/title/Arch_User_Repository#What_is_the_difference_between_foo_and_foo-git_packages%3F

Latest Comments

1 2 3 4 5 6 Next › Last »

MRWITEK commented on 2023-12-20 12:42 (UTC)

Upstream doesn't sign most commits anymore, so GPG signature check is disabled. They still sign every tag. Packages in the official repos package tags. You can check signatures with the following commands:

$ git log --format=raw --show-signature main
$ git tag -v $(git tag)

Davius commented on 2023-12-04 09:52 (UTC) (edited on 2023-12-04 09:53 (UTC) by Davius)

seted as obsolete : missing dependancy : rdfind Need to find a way to avoid the use of --skippgpcheck

Beh_256914 commented on 2023-11-09 15:41 (UTC)

just a quick question is the latest gsp stuff downloadable if I use this like this stuff https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f4a3c72e5c413a601d1e21f9606f1c94a610d05d

c0d3z3r0 commented on 2023-10-03 13:51 (UTC) (edited on 2023-10-03 14:04 (UTC) by c0d3z3r0)

Looks like the problem with signatures is that the main branch is not being signed (anymore - was it ever? I don't know). Only tags are signed

Oh, well... https://www.spinics.net/lists/kernel/msg4521808.html

Kitt3120 commented on 2023-09-05 17:27 (UTC)

Oh, that explains it. Thanks for the info. I disabled the check for now and went with the newest version. Of course, as you said, at my own risk. I am also not aware on how to handle SSH signatures in PKGBUILDs, sorry :/

MRWITEK commented on 2023-09-05 16:05 (UTC) (edited on 2023-09-09 17:48 (UTC) by MRWITEK)

For some reason, some commits are now signed with SSH signature instead of PGP signature. I don't know how to make makepkg work with that. The last commit signed with PGP is c801b3b807d249bc24ab826e2754191f5f58cd1b, so use that one, or skip signature check AT YOUR OWN RISK.

Kitt3120 commented on 2023-09-05 08:29 (UTC) (edited on 2023-09-05 08:30 (UTC) by Kitt3120)

I'm getting the following error on two of my machines. Is this a problem on my side? I tried importing the key of Josh Boyer as described here, it's installed on my system.

==> Validating source files with sha256sums...
    linux-firmware-git ... Skipped
==> Verifying source file signatures with gpg...
    linux-firmware-git git repo ... SIGNATURE NOT FOUND
==> ERROR: One or more PGP signatures could not be verified!

error: failed to download sources for 'linux-firmware-git-20230814.0e048b06-1':