Search Criteria
Package Details: monero-feather 2.4.5-1
Git Clone URL: | https://aur.archlinux.org/monero-feather.git (read-only, click to copy) |
---|---|
Package Base: | monero-feather |
Description: | A free Monero desktop wallet |
Upstream URL: | https://featherwallet.org |
Licenses: | BSD |
Conflicts: | monero-feather, monero-feather-git |
Provides: | monero-feather |
Submitter: | kescherAUR |
Maintainer: | Fijxu |
Last Packager: | kescherAUR |
Votes: | 5 |
Popularity: | 0.000047 |
First Submitted: | 2021-11-29 13:51 (UTC) |
Last Updated: | 2023-04-08 10:03 (UTC) |
Dependencies (21)
- boost-libs (boost-libs-gitAUR)
- expat (expat-gitAUR)
- hidapi (hidapi-gitAUR)
- libgcrypt
- libsodium (libsodium-gitAUR, libsodium-1.0.18AUR)
- libunwind (libunwind-carbonAUR, libunwind-gitAUR)
- libusb (libusb-gitAUR)
- libzip (libzip-gitAUR)
- openssl (openssl-gitAUR, openssl-staticAUR)
- protobuf (protobuf-gitAUR)
- qrencode (qrencode-gitAUR)
- qt6-base (qt6-base-gitAUR, qt6-base-headlessAUR)
- qt6-multimedia
- qt6-svg
- qt6-websockets
- tor (tor-gitAUR, tor-unstableAUR)
- unbound (unbound-gitAUR)
- zbar (zbar-gitAUR)
- boost (boost-gitAUR) (make)
- cmake (cmake-gitAUR) (make)
- Show 1 more dependencies...
Latest Comments
kescherAUR commented on 2022-04-09 06:30 (UTC)
@jake_penguins fixed.
jake_penguins commented on 2022-04-08 23:37 (UTC)
The git source repo is outdated. They've moved the source to GitHub now: https://github.com/feather-wallet/feather
stef204 commented on 2022-01-07 23:36 (UTC) (edited on 2022-01-08 17:05 (UTC) by stef204)
the appimage is signed and verifiable i believe, possibly better suited to my needs. thanks.
kescherAUR commented on 2022-01-07 23:15 (UTC)
@stef204 as far as I'm aware, you can't verify git sources using a checksum. And I have to use that, as the build relies on git submodules.
stef204 commented on 2022-01-07 23:04 (UTC) (edited on 2022-01-07 23:12 (UTC) by stef204)
I think a tag is a tag, it won't change. further revisions to the source code will result in another tag. so you could at least verify the integrity of the source file downloaded in line 18; and include such check (some checksum) inside the PKGBUILD (as opposed to using "skip" which is typically used for git only packages?
https://wiki.archlinux.org/title/PKGBUILD#Integrity
kescherAUR commented on 2022-01-07 19:45 (UTC)
@stef204 Sadly, I am stumped as to how I would achieve this. The package sadly requires the git repository to be cloned due to the project's reliance on git submodules. Therefore, I can't really use checksum verification. And sadly, the tags on the repo are lightweight tags, which are not signed.
If you know a way, do tell, I'd be glad to put it into the PKGBUILD.
stef204 commented on 2022-01-07 15:03 (UTC) (edited on 2022-01-07 23:15 (UTC) by stef204)
@kescherAUR Thanks for this package. can you please add a checksum and/or signature (gpg) verification? this is a key point. git packages usually skip this step since source code can be revised very frequently but this is not the case for releases/tags which should be verified. (I realize there is the app image package (-bin) which is verified but IMHO, this one should be as well.)