Another round in the Easter egg hunt for xz 5.4.6, resorting now to the version on SourceForge. Also removed possibly compromised PGP keys.
Search Criteria
Package Details: pacman-static 7.0.0.r6.gc685ae6-12
Package Actions
| Git Clone URL: | https://aur.archlinux.org/pacman-static.git (read-only, click to copy) |
|---|---|
| Package Base: | pacman-static |
| Description: | Statically-compiled pacman (to fix or install systems without libc) |
| Upstream URL: | https://www.archlinux.org/pacman/ |
| Licenses: | GPL-2.0-or-later |
| Submitter: | mazieres |
| Maintainer: | Morganamilo (andreas_baumann) |
| Last Packager: | andreas_baumann |
| Votes: | 58 |
| Popularity: | 2.02 |
| First Submitted: | 2013-01-09 02:17 (UTC) |
| Last Updated: | 2024-12-19 07:58 (UTC) |
Dependencies (5)
- pacman (pacman-gitAUR)
- git (git-gitAUR, git-glAUR) (make)
- kernel-headers-musl (make)
- meson (meson-gitAUR) (make)
- musl (musl-gitAUR) (make)
Required by (0)
Sources (26)
- ca-dir.patch
- git+https://github.com/tukaani-project/xz#tag=v5.6.3
- git+https://gitlab.archlinux.org/pacman/pacman.git#tag=v7.0.0?signed
- https://curl.haxx.se/download/curl-8.11.1.tar.gz
- https://curl.haxx.se/download/curl-8.11.1.tar.gz.asc
- https://github.com/c-ares/c-ares/releases/download/v1.34.3/c-ares-1.34.3.tar.gz
- https://github.com/c-ares/c-ares/releases/download/v1.34.3/c-ares-1.34.3.tar.gz.asc
- https://github.com/facebook/zstd/releases/download/v1.5.6/zstd-1.5.6.tar.zst
- https://github.com/facebook/zstd/releases/download/v1.5.6/zstd-1.5.6.tar.zst.sig
- https://github.com/libarchive/libarchive/releases/download/v3.7.7/libarchive-3.7.7.tar.xz
- https://github.com/libarchive/libarchive/releases/download/v3.7.7/libarchive-3.7.7.tar.xz.asc
- https://github.com/nghttp2/nghttp2/releases/download/v1.64.0/nghttp2-1.64.0.tar.xz
- https://github.com/openssl/openssl/releases/download/openssl-3.4.0/openssl-3.4.0.tar.gz
- https://github.com/openssl/openssl/releases/download/openssl-3.4.0/openssl-3.4.0.tar.gz.asc
- https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.0.tar.bz2
- https://gnupg.org/ftp/gcrypt/libassuan/libassuan-3.0.0.tar.bz2.sig
- https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.51.tar.bz2
- https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.51.tar.bz2.sig
- https://sourceware.org/pub/bzip2/bzip2-1.0.8.tar.gz
- https://sourceware.org/pub/bzip2/bzip2-1.0.8.tar.gz.sig
- https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-1.24.1.tar.bz2
- https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-1.24.1.tar.bz2.sig
- https://zlib.net/zlib-1.3.1.tar.gz
- https://zlib.net/zlib-1.3.1.tar.gz.asc
- openssl-3.0.7-no-atomic.patch
- pacman-revertme-makepkg-remove-libdepends-and-libprovides.patch
andreas_baumann commented on 2024-03-30 18:40 (UTC)
greyltc commented on 2024-03-30 18:04 (UTC)
Can this please be removed from the package? '22D465F2B4C173803B20C6DE59FCF207FEA7F445') # Jia Tan jiat0218@gmail.com
andreas_baumann commented on 2024-03-30 17:09 (UTC) (edited on 2024-03-30 18:18 (UTC) by andreas_baumann)
@BryanLiang: You don't expect me to use any source tarball I didn't verify myself against the one used in the old pkg source package on archive.org. :-) Fedora happens to have the same tarball for 5.4.6 only, that's why I rather take this one.
BryanLiang commented on 2024-03-30 12:02 (UTC) (edited on 2024-03-30 12:06 (UTC) by BryanLiang)
@andreas_baumann I found a git repo which is still working https://git.tukaani.org/xz.git from a reddit comment.
But I'm not sure the git repo is trusted.
andreas_baumann commented on 2024-03-30 08:41 (UTC) (edited on 2024-03-30 09:31 (UTC) by andreas_baumann)
Strange things happening here with xz:
https://github.com/tukaani-project/xz
This repository has been disabled.
" Access to this repository has been disabled by GitHub Staff due to a violation of GitHub's terms of service. If you are the owner of the repository, you may reach out to GitHub Support for more information. "
More on this https://www.phoronix.com/news/GitHub-Disables-XZ-Repo.
Getting 5.4.6 from Fedora for now. (Could also take them from sources.archive.org, but then the tarball and signature are not easy accessible from there).
Upstream xz 5.6.1 is patched with a versoin from the (for now) not available github repo, so..
phoepsilonix commented on 2024-03-23 11:40 (UTC) (edited on 2024-03-24 22:46 (UTC) by phoepsilonix)
Proposal.
Add -ffat-lto-objects flag to LTOFLAGS to prevent mangling of static libs.(gcc)
If We add -ffat-lto-objects to LTOFLAGS, We don't have to worry about specifying lto options in makepkg.conf or PKGBUILD.
diff --git a/PKGBUILD b/PKGBUILD
index 7e96789..525e004 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -139,6 +139,11 @@ fi
export CFLAGS+=' -D_LARGEFILE64_SOURCE'
export CXXFLAGS+=' -D_LARGEFILE64_SOURCE'
+# Add -ffat-lto-objects flag to LTOFLAGS to prevent mangling of static libs.(gcc)
+# In clang-16, there seems to be no problem without this option specified.
+# (The -ffat-lto-objects option is planned to be supported from clang-17.)
+[[ $CC =~ gcc ]] && export LTOFLAGS+=" -fuse-linker-plugin -ffat-lto-objects"
+
# keep using xz-compressed packages, because one use of the package is to
# recover on systems with broken zstd support in libarchive
[[ $PKGEXT = .pkg.tar.zst ]] && PKGEXT=.pkg.tar.xz
andreas_baumann commented on 2024-03-14 09:52 (UTC)
Will update to 6.1 when core-stable goes to 6.1 not if core-testing is on 6.1.
andreas_baumann commented on 2024-03-09 16:13 (UTC)
@Archttila: this doesn't explain anything. What where you doing when you got this error message?
Archttila commented on 2024-03-09 15:43 (UTC)
no such file or directory: PKGBUILD
andreas_baumann commented on 2024-02-16 07:42 (UTC)
For maintainance of the keys:
for i in $( . PKGBUILD; echo "${validpgpkeys[@]}" ); do gpg --receive "$i"; gpg -a --export "$i" > "keys/pgp/$i.asc" ; done
Pinned Comments
Morganamilo commented on 2022-02-20 18:30 (UTC)
There's now a custom repo and binaries again. Though only for x86_64 currently.
Custom Repo
Pre compiled binaries
https://pkgbuild.com/~morganamilo/pacman-static/x86_64/bin/