Package Details: pacaudit 0.4.0-2

Git Clone URL: https://aur.archlinux.org/pacaudit.git (read-only)
Package Base: pacaudit
Description: This package audits installed packages against known vulnerabilities. Use after pacman -Syu.
Upstream URL: https://github.com/steffenfritz/pacaudit
Keywords: security
Licenses: GPL3
Submitter: ampoffcom
Maintainer: ampoffcom
Last Packager: ampoffcom
Votes: 7
Popularity: 0.917978
First Submitted: 2017-02-17 19:13
Last Updated: 2018-12-25 22:23

Latest Comments

ampoffcom commented on 2019-01-16 08:00

Hi @lostshiner. This is already an enhancement request on GitHub (https://github.com/steffenfritz/pacaudit/issues/4). I don't like the idea of blocking as long as pacaudit is just in the AUR. Maybe as a hook and print a warning when pacman is trying to install a package that is vulnerable. I will work on this idea ASAP.

Lostshiner commented on 2019-01-15 14:17

Is it possible to block the installation of a package if it is vulnerable using pacaudit?

ampoffcom commented on 2018-12-25 22:30

Updated the PKGBUILD of pacaudit to follow the AUR Go guidelines and added the PIE buildmode.

ampoffcom commented on 2017-05-21 22:30

Hi @puffybsd, please import my public key and try again:

gpg --recv-keys 7328F6E376924E4EE266381D3D9C808E038A615C

Reference: https://github.com/steffenfritz/pacaudit

puffybsd commented on 2017-05-21 22:06

I'm getting an unknown public key error on install:

==> Validating source files with sha256sums...
v0.4.0.tar.gz ... Passed
v0.4.0.tar.gz.asc ... Passed
==> Verifying source file signatures with gpg...
v0.4.0.tar.gz ... FAILED (unknown public key E7AC1413202ECDA2)
==> ERROR: One or more PGP signatures could not be verified!
:: failed to verify pacaudit integrity

ampoffcom commented on 2017-03-05 12:12

With release v0.3.1 pacaudit has a -v (verbose) and a -n (Nagios) flag. Please check the man page.