Package Details: rar 5.4.0-2

Git Clone URL: https://aur.archlinux.org/rar.git (read-only)
Package Base: rar
Description: A command-line port of the rar compression utility
Upstream URL: http://www.rarlab.com
Keywords: rar unrar
Licenses: custom
Conflicts: rar-beta
Submitter: None
Maintainer: Musikolo
Last Packager: Musikolo
Votes: 682
Popularity: 3.605862
First Submitted: 2008-10-15 21:38
Last Updated: 2017-07-16 22:54

Latest Comments

carlzoo commented on 2017-07-20 13:50

@spirtbrat the default aur cache location is in /home/$(whoami)/.cache/pacaur

spirtbrat commented on 2017-07-19 10:17

Remove rarlinux-x64-5.4.0.tar.gz from your source cache to force a new, fresh download.

mcgyver commented on 2017-07-19 08:37

Just faced a problem on the checksum:

==> Making package: rar 5.4.0-2 (Wed 19 Jul 09:37:21 BST 2017)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Found rar.1
-> Found rarlinux-x64-5.4.0.tar.gz
==> Validating source files with md5sums...
rar.1 ... Passed
==> Validating source_x86_64 files with md5sums...
rarlinux-x64-5.4.0.tar.gz ... FAILED
==> ERROR: One or more files did not pass the validity check!

Musikolo commented on 2017-07-16 22:58

Version 5.4.0-2 available:
- Updated checksums due to upstream release changes
- Removed /usr/bin/rar_static file no longer available

Enjoy!

WorMzy commented on 2017-07-16 20:05

Package has been disowned, someone who wants to update and maintain it can take ownership now.

vendforce commented on 2017-07-14 20:49

@gloriouseggroll please don't flag an aur package out of date when its not!
just post a message to update PKGBUILD if there's a problem with the build
the latest rar is 5.4.0 on rar labs, there is no update as of yet

You can edit the PKGBUILD file on the fly and install it with a one liner

su
wget -qO - https://aur.archlinux.org/cgit/aur.git/snapshot/rar.tar.gz | tar xz -C /tmp ; cd /tmp/rar* ; sed -i '/rar_static/d' PKGBUILD ; makepkg -g >> PKGBUILD ; makepkg -s ; pacman -U rar-* ;cd $HOME;clear

Simple !!!

watzon commented on 2017-07-11 21:16

Thanks @HisDudeness for the PKGBUILD

HisDudeness commented on 2017-06-30 17:44

The package fails validity check. I copied the md5sum of the source tar.gz downloaded, changing it to the latest version (5.5.b4) and it passes that step. It then complains about this:

install: cannot stat 'rar_static': No such file or directory

and I can't in fact find rar_static, there's only rar in /usr/bin. So I removed the line

install -Dm755 rar_static "${pkgdir}/usr/bin/rar_static"

from the package() section of the PKGBUILD. It now works. This is my modified PKGBUILD

https://pastebin.com/raw/kCmbmQf7

WorMzy commented on 2017-05-30 08:25

All a matching checksum means is that you have probably* downloaded the same file as the maintainer. The point I'm trying to make is that the checksum in the PKGBUILD isn't necessarilly more valid/secure than the ones other people are reporting in the comments. You argue that only the checksum reported by the maintainer is secure, I argue that no checksum is -- checksums should not be used to verify the validity of a file, only it's integrity.

See also: https://wiki.archlinux.org/index.php/PKGBUILD#Integrity

* apparently it's possible to have two completely different files have a matching md5sum, so this isn't guaranteed.

eang commented on 2017-05-29 16:16

@WorMzy

> What makes you so sure that the maintainer won't simply run updpkgsums and resubmit the package?

I can download the tarball and manually check its checksum with the one claimed in the PKGBUILD.

> How will you know if they do this or liase with upstream

We can't know for sure. But this doesn't mean we should ignore the checksum verification altogether.

> How do you know if /any/ package maintainer verifies the source checksums with upstream?

Some do. Again, just because some maintainers don't care doesn't mean we should expose ourselves by ignoring the checksum verification.

theforeigner commented on 2017-05-26 08:50

The md5sum for rar.1 (whatever that is?) has also changed: 4cffd2771bb4a51e4a68500d799550d8

bric3 commented on 2017-05-24 12:15

For future readers, I edited the PKGBUILD file when asked

The MD5 checksums of source files (respectively http://www.rarlab.com/rar/rarlinux-5.4.0.tar.gz and http://www.rarlab.com/rar/rarlinux-x64-5.4.0.tar.gz)
md5sums_i686=('efa2a5a29f57f34999a9bae355510618')
md5sums_x86_64=('d02b8742478d5e6428c12ee14b2a678d')

And as rarlab removed rar_static, I commented this line :

# install -Dm755 rar_static "${pkgdir}/usr/bin/rar_static"

Jristz commented on 2017-05-14 03:07

I agree that the maintainer need update the pkg, but now that is dynamicaly linked the maintainer probably now need to listed all the deps that rar link.

Musikolo commented on 2017-05-13 16:12

@All,

I got a reply from one of the developers of Rarlab about the checksum change. This is a short snippet of his reply:

"We received a complain from Debian maintainers that statically linked rar violates LGPL:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860952;msg=5

and updated:
- http://rarlab.com/rar/rarlinux-5.4.0.tar.gz
- http://rarlab.com/rar/rarlinux-x64-5.4.0.tar.gz

to remove rar_static from the package. These files on rarlab.com are valid and our server is not compromised."

@FadeMind, since everything seems to be alright, would you mind updating the package accordingly?

Thank you!

Musikolo commented on 2017-05-13 03:33

I just sent an email to the Rarlab development team - http://www.rarlab.com/feedback.htm

I hope to get a reply shortly that helps close this discussion.

Regards.

WorMzy commented on 2017-05-12 17:16

Interesting theory. What makes you so sure that the maintainer won't simply run updpkgsums and resubmit the package? How will you know if they do this or liase with upstream? How do you know if /any/ package maintainer verifies the source checksums with upstream?

eang commented on 2017-05-12 17:05

This package should be considered unsafe until his maintainer doesn't update the checksum in the PKGBUILD (after checking that the tarball is ok). If you manually change the checksum in your local PKGBUILD you are just exposing yourself to a potential attack.

Musikolo commented on 2017-05-09 00:20

@spirtbrat/Pietro_Pizzi thanks for your replies. Everyone is right!

My concern comes from the fact that the checksum shouldn't change once the maintainer updates the PKGBUILD for any given version. Any change without further notice is a reason to suspect the file is no longer secure, and/or the server where the file is stored could have been potentially compromised.

If anyone was able to build version 5.4.0 64-bit with the checksum available in the PKGBUILD (f7181c0aed3b7be402b95185bd61e646), then Houston, we have a situation! The file could have been compromised in the server. It's also possible the RarLab team has legitimately modified the file, but IMO that's very unlikely.

However, if nobody was able to build it and everyone was ever getting the same issue, then the maintainer might have forgotten or used the wrong checksum. New checksum is d02b8742478d5e6428c12ee14b2a678d.

So, just to clarify, has anyone being able to build the package with the old checksum (f7181c0aed3b7be402b95185bd61e646)?

Thank you!

spirtbrat commented on 2017-05-06 21:57

Jesus Christ, people are touchy. I must've been too harsh in my comment
The upstream rar package is different than the one the PKGBUILD was made for, without changing neither the minor or the major version number. This shouldn't be surprising. rar is not open source and they can do whatever they like.
Either the PKGBUILD maintainer should actualize the checksum, or the user should ignore the check (--skipchecksums).
Besides, there's no 'rar_static' in the current download from rarlab, so probably the maintainer should intervene.
Anyways - use anything else for compression (zstandard) or unrar for decompression and you'll avoid most of the drama.

Pietro_Pizzi commented on 2017-05-06 21:25

@spirtbrat:
I tried to be nice and helpful (not just now, ever!). I studied computer science but I although learned a lot through forums, blogs a.s.o, so I want to give something back. Not everyone who installs arch is a Linux nerd and know what I tried to explain. I'm although no arch guru but I think my explanation is good enough to understand. So why are you so a jerk? Particularly in this case where you obviously can't read and write and don't have anything helpful to say!

1. He tried to install the x64 version and therefore my md5sum is correct!
2. If you and every other uses the efa... md5 for the NOT x64 version then the md5 in the pkgbuild is incorrect for this one although. See the md5s from the pkgbuild:
md5sums_i686=('cd1fede60f8dde36f62283f371e7cc6b')
md5sums_x86_64=('f7181c0aed3b7be402b95185bd61e646')
3. I don't give him the advice to replace the checksum with arbitrary numbers. I do the total opposite. I showed him a way to get the number by him self. And in addition for lazy dudes I give the CORRECT # too. Anyone, besides you, can check that I posted no "bullshit" by copy&paste of the commands I explained.
4. And BTW, "nobody should not..." means "everybody should..." and I think you don't mean that!?
5. But OK, sorry that I don't hold a lesson that you don't should trust strangers on the Internet or trolls like you. I don't think this direction when I'm posting because I'm a good guy and don't post "bullshit", at least I try. I know, nobody can know this, but therefore i have given the instructions.

@all:
So enough from this. For all other serious guys, if you have trouble to update to 5.4, i have managed it:
1. If you have something that depends on unrar (sabnzbd in my case), install unrar like @FadeMind says. In this process you have to remove rar. If you don't do it that way rar can't get installed because it removes unrar and that would break the dependency for your other app.
2. (Re)install rar and edit the pkgbuild:
A. Change the md5sum for your version, like I explained before.
B. I'm not sure for this but it works for me: Remove the line that would install rar_static. The install process can't find the file and i checked both tar.gz and it really isn't there. If anybody knows it better please enlighten us, or at least me ;).
3. Save the pkgbuild, finish the install and now it should work.

Hope this helps again!

spirtbrat commented on 2017-05-06 20:07

@Pietro_Pizzi this is a complete bullshit.
the md5sum I and everyone else are currently getting is:
efa2a5a29f57f34999a9bae355510618 for rarlinux-5.4.0.tar.gz
Apparently the rar guys have changed the package. Supprise!

Contrary to your advice, nobody should not just replace the checksum with arbitrary one from the internet. It makes all the chain-of-trust thing mute.
You can always ignore it and install anything that's on the interwebs now. But you should warn people not to complain if it's not what they have expected.

Pietro_Pizzi commented on 2017-05-06 19:48

You can fix this every time you have such a problem by:

1. Start the install and choose to edit the pkgbuild.
2. In another console go to pkgbuild directory "cd /tmp/yaourt-tmp-$(whoami)/aur-rar".
3. Check the MD5 sum "md5sum rarlinux-x64-5.4.0.tar.gz"
4. Replace the false one in the pkgbuild with the given one, in this case "d02b8742478d5e6428c12ee14b2a678d".
5. If you are kind post it in the relative AUR package post for others with the same Problem and for the maintainer to get him notified :).

Hope this helps!

Musikolo commented on 2017-05-05 01:48

I'm getting a checksum error. I've repeated the whole thing several times:
- https://pastebin.no/rajolemuvu.coffeescript

Is it happening to anybody else?

Pietro_Pizzi commented on 2017-05-04 22:17

Is it my fault?

...
==> Starting package()...
install: cannot stat 'rar_static': No such file or directory
==> ERROR: A failure occurred in package().
...

FadeMind commented on 2017-01-18 19:54

Updated to 5.40
Removed unrar installing rule. Please using official libunrar and unrar packages from extra repository.

deathtrip commented on 2016-11-11 18:48

I think it's because unrar is already in the official repos.
Anyway, we need an update here.

NoSuck commented on 2016-11-10 11:17

Why isn't this in [community] or even [extra]? Is the license holding it back?

rob2uk commented on 2016-09-04 16:40

Updated PKGBUILD here:

http://pastebin.com/fCRyLs3t

rob2uk commented on 2016-09-04 16:28

rar is now at 5.4.0, so this package is now out of date

FadeMind commented on 2016-02-15 13:20

Current version at 20160215
RAR 5.30 for Linux
RAR 5.30 for Linux x64

AUR was updated and improved (provides unrar) at 2016-02-13.

So please don't mark this OUT-OF-DATE.

Det commented on 2015-02-07 17:18

That doesn't require even bumping the pkgrel, by the way.

WorMzy commented on 2015-02-06 15:33

Please enclose your srcdir and pkgdir variables in double quotes, to prevent problems with paths with spaces.

Det commented on 2015-01-21 12:48

Now that with pacman 4.2.0 [1] / AUR 3.5.0 [2] there is support for architecture-specific sources [3], you could use:

source_i686=(http://www.rarlab.com/rar/rarlinux-$pkgver.tar.gz)
source_x86_64=(http://www.rarlab.com/rar/rarlinux-x64-$pkgver.tar.gz)
md5sums_i686=('11043888e0322a9035e2f24e4b248dc5')
md5sums_x86_64=('82d9266a8fcc40636057fa1cdf62e398')

Instead of:

if [ "$CARCH" = "i686" ]; then
source=(http://www.rarlab.com/rar/rarlinux-$pkgver.tar.gz)
md5sums=('11043888e0322a9035e2f24e4b248dc5')
elif [ "$CARCH" = "x86_64" ]; then
source=(http://www.rarlab.com/rar/rarlinux-x64-$pkgver.tar.gz)
md5sums=('82d9266a8fcc40636057fa1cdf62e398')
fi

The AUR "Sources" section will then look like so: https://aur.archlinux.org/packages/google-chrome/

[1] = https://projects.archlinux.org/pacman.git/tree/NEWS
[2] = https://lists.archlinux.org/pipermail/aur-dev/2014-November/002968.html
[3] = https://wiki.archlinux.org/index.php/PKGBUILD#source

vagorafaelino commented on 2014-12-03 02:06

New version is out: 5.2.0

vagorafaelino commented on 2014-12-03 01:59

New version is out: 5.2

sparse commented on 2014-11-01 20:04

I think there is no need to "provides=( 'rar' )"

sparse commented on 2014-11-01 20:03

I think there is no nedd to "provides=( 'rar' )"

lolilolicon commented on 2014-07-05 09:27

rar manpage updated to 5.10 http://ix.io/dgN
pod2man -c "RAR User's Manual" -n "RAR" -r "$pkgname $pkgver" -s 1 rar.1.pod rar.1

rtfreedman commented on 2013-12-03 17:12

I think it's worthwhile to add rar.txt and whatsnew.txt to the package.

metak commented on 2013-12-03 09:08

Version 5.01 available

lolilolicon commented on 2013-09-20 02:57

I my own version of the PKGBUILD, I do not install unrar, because it seems to me the rar binary does everything unrar does. Am I correct?
I also echo hbdee's feeling that the unrar in the repos built from source should be preferred over the binary shipped in this tarball.

hbdee commented on 2013-09-19 20:19

@graysky - I disagree for the reason in my previous post(I use kdeutils-ark so a broken unrar is no good for me) and because official unrar pkg is built from source and maintained by giovanni, which I feel is better than the unrar binary provided by the tarball this packages uses. Maybe a better option is to have this pkg build unrar from source as a split pkg. This way it can conflict with the official pkg and still give the user the choice of an officially maintained pkg that is stable or the aur package that may or may not be stable. However, I feel like adaptee won't be willing to do this.

graysky commented on 2013-09-19 19:54

@hbdee - Hmm... perhaps this pkg should conflict with unrar from the repos...

hbdee commented on 2013-09-19 19:42

@graysky - Shouldn't unrar be commented out because it's in the official repos? This way the user can decide which version they want to use, for example https://bugs.archlinux.org/task/35096 forces me to use the official pkg because they downgraded it to work around the breakage. I agree with everything else you wrote.

lolilolicon commented on 2013-09-06 01:18

Here I share with you rar(1) manpage for rar 5.00 converted from Rar.txt (extracted from WinRAR Installer): http://ix.io/7Sy
Save it as rar.1.pod, and convert to manpage like this:
pod2man -c "RAR User's Manual" -n "RAR" -r "$pkgname $pkgver" -s 1 rar.1.pod rar.1

graysky commented on 2013-09-05 16:55

* No need for the /bin/true in the build function... in fact, I believe you can omit the build function entirely.
* Why do you have this replace rar-beta? It should conflict with rar-beta, no?
* Why is unrar commented out?
* No need for the mkdir line for the manpage, just install rar.1 with -Dm644

graysky commented on 2013-09-05 16:51

* No need for the /bin/true in the build function... in fact, I believe you can omit the build function entirely.
* Why do you have this replace rar-beta? It should conflict with rar-beta, no?
* Why is unrar commented out?

scorici commented on 2013-09-05 13:21

Remove the md5sum at the end:
md5sums=('7203cd3f3f01acd3b62d8d377de59f2e'
'9d46739d2c89b239fe1158d95cdb8db5')
and replace the updated md5sums for both i686 and x84_64 like this:
if [ "$CARCH" = "i686" ]; then
source=(http://www.rarlab.com/rar/rarlinux-$pkgver.tar.gz
rar.1)
md5sums=('cc80d05d868e7a07f79ad4d4f0fab265'
'9d46739d2c89b239fe1158d95cdb8db5')
elif [ "$CARCH" = "x86_64" ]; then
source=(http://www.rarlab.com/rar/rarlinux-x64-$pkgver.tar.gz
rar.1)
md5sums=('7203cd3f3f01acd3b62d8d377de59f2e'
'9d46739d2c89b239fe1158d95cdb8db5')
fi

holyArch commented on 2012-10-17 21:32

Shame that such useful package does not have a proper PKGBUILD.

holyArch commented on 2012-10-17 21:17

Can someone provide a decent PKGBUILD and share with us?

graysky commented on 2012-09-30 12:56

@adaptee - all of the returns in the PKGBUILD are unneeded and outdated. Again, see the following as an example: http://repo-ck.com/PKG_source/rar/PKGBUILD

R00KIE commented on 2012-09-27 08:37

Why was the man page removed? If it was a mistake you can get it from this package [1].
If the removal was not an accident why is it that you are still creating ${pkgdir}/usr/share/man/man1 ?

[1] https://aur.archlinux.org/packages.php?ID=17443

hav3lock commented on 2012-09-05 18:35

Why, what's wrong with the one I already have up? I'm not trying to be difficult, just so you know, I'm just trying to figure out exactly what is it that is undesirable? (I looked at one of Graysky's PKGBUILDs, but I fail to see how it pertains.)

Det commented on 2012-09-05 17:21

Please use something more like graysky's PKGBUILD, which applies to the standard PKGBUILD pattern.

hav3lock commented on 2012-09-04 07:07

Let me know if anything doesn't work, thanks; you're welcome. :)

hav3lock commented on 2012-09-04 07:04

No problem, updating right now.

jorge_barroso commented on 2012-08-09 19:33

please update rar with the following URL's correspondants to the 4.20 version

i686: http://www.rarlab.com/rar/rarlinux-4.2.0.tar.gz

x86_64:http://www.rarlab.com/rar/rarlinux-x64-4.2.0.tar.gz

thanks pal

graysky commented on 2012-08-08 09:07

Updated to current ARCH standards: http://repo-ck.com/PKG_source/rar/PKGBUILD

mister_playboy commented on 2012-07-15 04:10

Thanks Sarkasper. :)

http://pastebin.com/gtGShh6a

intgr commented on 2012-07-13 23:38

PS: please use pastebin for sending PKGBUILDs. AUR doesn't preserve indentation correctly.

gh0st commented on 2012-07-13 12:52

#PKGBUILD


# Maintainer: TuxSpirit <tuxspirit AT archlinux DOT fr>

pkgname=rar
pkgver=4.2.0
pkgrel=1
pkgdesc="A command-line port of the rar compression utility"
arch=('i686' 'x86_64')
url="http://www.rarlab.com"
license=('custom')
depends=('gcc-libs')
replaces=('rar-beta')
backup=('etc/rarfiles.lst')
provides=('rar')
if [ "$CARCH" = "i686" ]; then
source=(http://www.rarlab.com/rar/rarlinux-$pkgver.tar.gz)
md5sums=('33dd6e01b7c336706ec778776b2151b2')

elif [ "$CARCH" = "x86_64" ]; then
source=(http://www.rarlab.com/rar/rarlinux-x64-$pkgver.tar.gz)
md5sums=('bc319712e998179249494a4eb168af7b')
fi

build() {

mkdir -p ${pkgdir}/usr/share/doc/${pkgname} || return 1
mkdir -p ${pkgdir}/usr/share/man/man1 || return 1

cd ${srcdir}/rar

install -Dm755 rar ${pkgdir}/usr/bin/rar || return 1
#install -Dm755 unrar ${pkgdir}/usr/bin/unrar || return 1
install -Dm755 rar_static ${pkgdir}/usr/bin/rar_static || return 1

install -Dm755 default.sfx ${pkgdir}/usr/lib/default.sfx || return 1

install -Dm644 rarfiles.lst ${pkgdir}/etc/rarfiles.lst || return 1

install -Dm644 license.txt ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE || return 1

install -m644 {*.htm,*.txt} ${pkgdir}/usr/share/doc/${pkgname} || return 1

#install -m644 ${srcdir}/rar.1 ${pkgdir}/usr/share/man/man1/rar.1 || return 1
}

Unia commented on 2012-06-18 15:24

Easy to update: just change pkgver to 4.2.0 in the PKGBUILD and change the md5sums accordingly (using makepkg -g >> PKGBUILD)

taylorchu commented on 2012-06-15 17:55

4.2 is here

rafaelff commented on 2012-04-15 03:40

@tuxspirit: FYI, no need for "|| return 1", as makepkg knows how to deal with errors.

Anonymous comment on 2012-04-14 19:21

Updated to 4.11 (final version)

holyArch commented on 2012-03-26 09:42

Update needed.

taylorchu commented on 2012-03-07 19:26

taylorchu commented on 2012-03-07 19:26

rar 4.1.1 released. please update

Anonymous comment on 2012-02-02 19:48

Updated to 4.10 (final version)

@fabienwang : thank you for your comment.

fwhcat commented on 2012-01-20 11:45

4.10 available. http://www.rarlab.com/rar/rarlinux-4.1.0.tar.gz

Anonymous comment on 2011-07-06 16:36

Updated to 4.01 (final version)

Anonymous comment on 2011-03-10 09:33

Updated to 4.0 (final version)

Anonymous comment on 2011-03-09 18:03

version 4.00 is out

kvasthval commented on 2010-10-13 12:21

Thanks and sorry! :-)

Anonymous comment on 2010-10-12 18:25

Fixed the problem with backup=('/etc/rarfiles.lst')

Please sending email for corrections. Thanks!

kvasthval commented on 2010-10-12 15:42

Flagging as out-of-date - please fix this problem, it won't take more than a few seconds.

Anonymous comment on 2010-08-31 01:29

solved here too

Anonymous comment on 2010-08-04 02:42

yes,

replacing to 'etc/rarfiles.lst' solved the problem.

Anonymous comment on 2010-08-04 01:45

PKGBUID: Line 12

backup=('/etc/rarfiles.lst')

should be

backup=('etc/rarfiles.lst') ?

Anonymous comment on 2010-07-05 17:30

Here is simple solution. Download latest RAR package from this repo:
http://repo.archlinux.fr/x86_64/

And install with pacman -U

Anonymous comment on 2010-07-03 17:50

Same here, Arch 64bit.
How to fix this?
Is there some way to correct this in PKGBUILD or something?

killajoe commented on 2010-07-03 17:22

yes for me too under arch64

Anonymous comment on 2010-06-24 21:38

Invalid backup entry : /etc/rarfiles.lst