New PGP key (2019) to verify signature: 5B8CF87BB893449B
Search Criteria
Package Details: mumble-snapshot 1:1.3.0_rc2-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/mumble-snapshot.git (read-only, click to copy) |
|---|---|
| Package Base: | mumble-snapshot |
| Description: | A high quality voice chat program. |
| Upstream URL: | https://www.mumble.info/ |
| Licenses: | BSD |
| Conflicts: | mumble |
| Provides: | mumble |
| Submitter: | synapse84 |
| Maintainer: | None |
| Last Packager: | anonfunc |
| Votes: | 7 |
| Popularity: | 0.000000 |
| First Submitted: | 2014-08-01 01:30 (UTC) |
| Last Updated: | 2019-06-26 23:23 (UTC) |
Dependencies (13)
- hicolor-icon-theme (hicolor-icon-theme-git)
- libpulse (libpulse-bluedio, pulseaudio-pali, pulseaudio-dummy, libpulse-nosystemd-git, libpulse-nosystemd, libpulse-nosystemd-minimal-git, libpulse-airplay, pulseaudio-git)
- libspeechd (libspeechd-git)
- opus (opus-git)
- protobuf (protobuf-git)
- qt5-svg (qt5-svg-git)
- speex (speex-git)
- boost (boost-git, boost174) (make)
- libsndfile (libsndfile-minimal-git, libsndfile-git) (make)
- python (nogil-python, python36, python32, python39, python38, python37, python311, python312) (make)
- qt5-tools (qt5-tools-git) (make)
- speech-dispatcher (speech-dispatcher-git) (make)
- espeak (espeak-test, espeak-ng-extended-git) (optional) – speech synthesizer
Required by (8)
- ioquake3-git (requires mumble) (optional)
- lilium-voyager-git (requires mumble) (optional)
- linux-air-combat (requires mumble) (optional)
- spearmint (requires mumble) (optional)
- spearmint-git (requires mumble) (optional)
- urbanterror41 (requires mumble)
- vkquake3-git (requires mumble) (optional)
- wahay-bin (requires mumble)
Sources (2)
anonfunc commented on 2018-03-21 23:46 (UTC) (edited on 2019-03-20 12:13 (UTC) by anonfunc)
FunctionalHacker commented on 2017-03-27 14:11 (UTC)
The latest version fails to build on my machine with the following errors:
cc1plus: error: one or more PCH files were found, but they were invalid
cc1plus: error: use -Winvalid-pch for more information
cc1plus: fatal error: release/mumble: No such file or directory
compilation terminated.
Lazy commented on 2017-02-20 13:31 (UTC)
Current build of mumble-snapshot only works with protobuf-3.1.0, but gives error of loading shared library libprotobuf.so.11, if we use protobuf-3.2.0
synapse84 commented on 2016-10-23 05:49 (UTC) (edited on 2017-05-23 17:59 (UTC) by synapse84)
GPG signature verification is enabled, you must import the mumble developers key with the following command:
$ gpg --keyserver pgp.mit.edu --recv-keys C4666C6767A26017CE68406988048D0D625297A0
libprotobuf shared library error:
Mumble must be rebuilt after `protobuf` updates to target the updated shared libraries.
synapse84 commented on 2016-10-23 02:22 (UTC) (edited on 2016-10-23 08:49 (UTC) by synapse84)
@Kiwii Sorry for the late response, I've been rather busy lately.
I've tried to use the pgp signature in the past, but it's always forced user intervention. I dislike requiring user intervention if i can prevent it, but I agree using the pgp signature is better. I'll see about using the signature over the next few days.
I don't know much about the aur comments markup, so I'm not sure if you can prevent it from stripping leading spaces.
Kiwii commented on 2016-10-18 17:38 (UTC) (edited on 2016-10-18 17:40 (UTC) by Kiwii)
May I suggest changing the pkgbuild to check the pgp signature provided by upstream instead of the sha256 generated by you?
That way you don't have to regenerate the hash for every version bump and we have a stronger verification of the authenticity of the source files.
GnuPG is present on all Arch installs anyway since pacman depends on gpgme, so the only inconvenience is the user having to import the key once¹.
All you'd have to do is add the *.sig file to the source array, list the valid key fingerprint and skip the sha256, like so:
source=("http://mumble.info/snapshot/mumble-${pkgver//_/\~}~snapshot.tar.gz"
"http://mumble.info/snapshot/mumble-${pkgver//_/\~}~snapshot.tar.gz.sig")
validpgpkeys=('3BD0ECA5925319AF89C25865B585609C5A2BE0C1')
sha256sums=('SKIP'
'SKIP')
The fingerprint can be found on upstream's github² in the form "3BD0 ECA5 9253 19AF 89C2 5865 B585 609C 5A2B E0C1" and belongs to "Mumble Automatic Build Infrastructure 2016 <mumble-auto-build-2016@mumble.info>". Apparently upstream generates a new key each year.
Arch Wiki also recommends this over checksums: "If possible, however, always test the authenticity of the files by adding their signatures to the source array: in this case you will also be able to safely skip their checksum verification altogether"³
Is there a good reason not to do this change?
Edit: Offtopic but do aur comments support some markup language to prevent it from stripping leading spaces?
¹ $ gpg --keyserver pgp.mit.edu --recv-keys 3BD0ECA5925319AF89C25865B585609C5A2BE0C1
² https://github.com/mumble-voip/mumble-gpg-signatures/blob/master/gpg.txt
³ https://wiki.archlinux.org/index.php/PKGBUILD#Integrity
synapse84 commented on 2015-12-26 23:50 (UTC) (edited on 2015-12-26 23:57 (UTC) by synapse84)
@MKody Added 'qt5-svg' as a dependency. Thanks.
MKody commented on 2015-12-25 20:48 (UTC)
Hi, "qt5-svg" should be added to the dependencies. It was missing for me and the make was failing without it.
Pinned Comments
anonfunc commented on 2018-03-21 23:46 (UTC) (edited on 2019-03-20 12:13 (UTC) by anonfunc)
New PGP key (2019) to verify signature: 5B8CF87BB893449B