Search Criteria
Package Details: packetry 0.5.0-2
Package Actions
| Git Clone URL: | https://aur.archlinux.org/packetry.git (read-only, click to copy) |
|---|---|
| Package Base: | packetry |
| Description: | USB 2.0 protocol analysis app for use with Cynthion |
| Upstream URL: | https://github.com/greatscottgadgets/packetry |
| Licenses: | BSD-3-Clause |
| Submitter: | Auerhuhn |
| Maintainer: | Auerhuhn |
| Last Packager: | Auerhuhn |
| Votes: | 0 |
| Popularity: | 0.000000 |
| First Submitted: | 2024-07-17 10:58 (UTC) |
| Last Updated: | 2025-12-07 22:58 (UTC) |
Dependencies (16)
- cairo (cairo-gitAUR)
- gcc-libs (gcc-libs-gitAUR, gccrs-libs-gitAUR, gcc-libs-snapshotAUR)
- gdk-pixbuf2 (gdk-pixbuf2-gitAUR, gdk-pixbuf2-noglycinAUR)
- glib2 (glib2-selinuxAUR, glib2-gitAUR, glib2-patched-thumbnailerAUR)
- glibc (glibc-gitAUR, glibc-eacAUR)
- gtk4 (gtk4-paper-planeAUR, gtk4-gitAUR)
- hicolor-icon-theme (hicolor-icon-theme-gitAUR)
- pango (pango-gitAUR, pango-nothai-gitAUR)
- cargo (rust-gitAUR, rust-beta-binAUR, rustup-gitAUR, rust, rustup) (make)
- inkscape (inkscape-gitAUR, inkscape-appimgAUR, inkscape-binAUR) (make)
- libgit2 (libgit2-gitAUR) (make)
- python-sphinx (python-sphinx-gitAUR) (make)
- python-sphinx-inline-tabs (make)
- python-sphinx_rtd_theme (make)
- at-spi2-core (at-spi2-core-gitAUR) (check)
- xorg-server-xvfb (xorg-server-xvfb-gitAUR, xlibre-server-xvfb-binAUR, xlibre-xserver-xvfbAUR) (check)
Latest Comments
Deppy commented on 2025-12-08 02:06 (UTC)
@Auerhuhn Awesome, thanks for the quick response and analysis!
Auerhuhn commented on 2025-12-07 23:04 (UTC)
@Deppy Turns out that shortly after the v0.5.0 release, upstream moved the v0.5.0 tag forward in time.
Moving Git tags (in fact, any action that causes a reproducible checksum mismatch) is generally a red flag and warrants a closer look.
It’s benign most of the time, but supply chain attacks do happen so I’ve made it a habit to do an extra thorough analysis whenever this occurs.
In this case, however, I can conclude that the re-tagging happened in good faith and that it was just an attempt by upstream to fix their CI pipeline.
See my commit message for details.
I just pushed a 0.5.0-2 pkgrel to update the checksum.
Thanks again for reporting the mismatch!
Auerhuhn commented on 2025-12-07 21:34 (UTC)
@Deppy Thanks for the pointer.
I can confirm that at one point between September 30 and today, the hash of the source tarball has changed. I’m going to try and figure out what exactly happened and then report back.
Deppy commented on 2025-12-07 21:29 (UTC)
I'm getting a validation error trying to install this. The hash of the downloaded source tarball doesn't seem to match the hash in PKGBUILD for some reason:
Auerhuhn commented on 2025-02-12 08:23 (UTC)
@Coelacanthus Updated, thanks for the suggestions!
Coelacanthus commented on 2025-02-11 16:42 (UTC)
And suggest remove
!debugfrom options array and leave it to user's decision via options array inmakepkg.conf.Coelacanthus commented on 2025-02-11 16:41 (UTC)
Please add
!ltoto options array otherwise it will lead to tons of undefined symbols about libgit2.