@WorMzy That unknown 26B40624BDBFD9F3 key may have something to do with version 29.4.6 not being listed at the Releases page in the repo?
The last one I see at upstream right now is
1 month ago
29.4.5.1_Release
44d7f4b8c3
Search Criteria
Package Details: palemoon 1:33.3.1-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/palemoon.git (read-only, click to copy) |
|---|---|
| Package Base: | palemoon |
| Description: | Open source web browser based on Firefox focusing on efficiency. |
| Upstream URL: | https://www.palemoon.org/ |
| Keywords: | browser goanna web |
| Licenses: | MPL-2.0 |
| Submitter: | artiom |
| Maintainer: | WorMzy |
| Last Packager: | WorMzy |
| Votes: | 142 |
| Popularity: | 0.42 |
| First Submitted: | 2014-06-05 10:54 (UTC) |
| Last Updated: | 2024-09-10 11:23 (UTC) |
Dependencies (15)
- alsa-lib
- dbus-glib
- desktop-file-utils (desktop-file-utils-gitAUR)
- gtk2 (gtk2-maemoAUR, gtk2-patched-filechooser-icon-viewAUR)
- libxt
- mime-types (mailcap)
- startup-notification
- git (git-gitAUR, git-glAUR) (make)
- libpulse (pulseaudio-dummyAUR, libpulse-gitAUR) (make)
- python2AUR (python2-binAUR) (make)
- unzip (unzip-natspecAUR, unzip-zstdAUR) (make)
- yasm (yasm-gitAUR) (make)
- zip (zip-natspecAUR) (make)
- ffmpeg (ffmpeg-intel-full-gitAUR, ffmpeg-nvcodec-11-1-gitAUR, ffmpeg-cudaAUR, ffmpeg-ffplayoutAUR, ffmpeg-decklinkAUR, ffmpeg-fullAUR, ffmpeg-gitAUR, ffmpeg-amd-fullAUR, ffmpeg-headlessAUR, ffmpeg-amd-full-gitAUR, ffmpeg-full-gitAUR, ffmpeg-libfdk_aacAUR, ffmpeg-obsAUR) (optional) – various video and audio support
- libpulse (pulseaudio-dummyAUR, libpulse-gitAUR) (optional) – PulseAudio audio driver
Required by (6)
Sources (3)
Bitals commented on 2022-05-03 14:22 (UTC)
WorMzy commented on 2022-04-10 18:51 (UTC)
The key used to sign commit 44d7f4b8c3 was 40481E7B8FCF9CEC:
https://repo.palemoon.org/MoonchildProductions/palemoon-dev/commit/44d7f4b8c34dc50c1f54995a6ec0535e2f0549d1
$ git -C src/palemoon-dev verify-commit 44d7f4b8c3
gpg: enabled debug flags: memstat
gpg: Signature made Mon 28 Mar 2022 14:59:31 BST
gpg: using RSA key 3DAD8CD107197488D2A2A0BD40481E7B8FCF9CEC
gpg: Good signature from "Moonchild (RSA signing key) <moonchild@palemoon.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3DAD 8CD1 0719 7488 D2A2 A0BD 4048 1E7B 8FCF 9CEC
gpg: keydb: handles=3 locks=0 parse=0 get=3
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=3 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=6 cached=6 good=6 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks
I don't think 26B40624BDBFD9F3 is used to sign release commits, but if it ever is, I'll add it to the validpgpkeys array.
saburouta commented on 2022-04-10 16:06 (UTC)
Should this public key be trusted? "3059E09144F56804F0FBF4E126B40624BDBFD9F3"
I tried to follow related comments in the thread, but it looks like this shouldn't be the key for 29.4.5.1.
WorMzy commented on 2022-03-21 17:00 (UTC) (edited on 2022-03-25 16:27 (UTC) by WorMzy)
Please note that the 30.0.x release has been pulled while upstream deal with the fallout of the actions a disgruntled contributor. While there is nothing suggesting the 30.0.x releases are compromised in any way, the lead dev is understandably too busy performing damage control to support the 30.0.x release and is recommending people stick to 29.4.x for the time being.
More details at https://forum.palemoon.org/viewtopic.php?f=1&t=28044
WorMzy commented on 2022-02-27 23:48 (UTC)
I can confirm that the package still builds fine in a clean chroot with the gcc10 package linked below. If you're still getting build failures, try cleaning your $srcdir (makepkg -C). Or use a clean chroot.
WorMzy commented on 2022-02-27 23:16 (UTC)
You can grab the last-packaged gcc10 package here: https://archive.archlinux.org/packages/g/gcc10/gcc10-1%3A10.3.0-2-x86_64.pkg.tar.zst
Should still work fine. Hopefully someone will adopt gcc10 and upload to the AUR.
saburouta commented on 2022-02-27 22:06 (UTC)
@micwoj92 Thanks. I don't have high hopes that it will help, but I feel like I need to try this before I continue trying to troubleshoot other things.
micwoj92 commented on 2022-02-27 22:02 (UTC)
saburouta commented on 2022-02-27 21:57 (UTC)
@micwoj92 The communit/gcc-libs package links to missing sources. Is Arch Linux's git repo down or something? Is there a simple way to transform this url to get to the package's sources?
https://github.com/archlinux/svntogit-community/tree/packages/gcc10/trunk
micwoj92 commented on 2022-02-27 21:55 (UTC)
There was gcc10 package in community repo so you could get PKGBUILD from there (git history).
Pinned Comments
WorMzy commented on 2021-03-02 16:19 (UTC) (edited on 2022-08-03 21:12 (UTC) by WorMzy)
The following key is used to sign release commits:
40481E7B8FCF9CEC
Import it into your keyring however you want.
https://wiki.archlinux.org/index.php/GnuPG#Import_a_public_key