Package Details: rua 0.19.9-1

Git Clone URL: https://aur.archlinux.org/rua.git (read-only, click to copy)
Package Base: rua
Description: AUR helper in Rust providing control, review, patch application and safe build options
Upstream URL: https://github.com/vn971/rua
Keywords: aur rust
Licenses: GPL3
Submitter: vasya
Maintainer: vasya
Last Packager: vasya
Votes: 52
Popularity: 2.14
First Submitted: 2018-10-29 14:26 (UTC)
Last Updated: 2023-10-04 20:10 (UTC)

Dependencies (9)

Required by (0)

Sources (1)

Latest Comments

1 2 3 4 5 6 7 Next › Last »

vasya commented on 2023-10-04 21:03 (UTC)

Apologies, version 0.19.8 was insufficiently tested before releasing, and had a bug (doesn't work properly). Upgrading to 0.19.9 should fix the issue. The bug was reported (and fixed quickly after reporting) here: https://github.com/vn971/rua/issues/216

If you've already built the erroneous version of rua today, you can fix it by re-installing from scratch: https://github.com/vn971/rua#install-the-aur-way , or via cargo install rua && ~/.cargo/bin/rua install rua && cargo uninstall rua, or in any other way you prefer. If you haven't built version 0.19.8, then you can safely upgrade to 0.19.9 and should not experience any problems.

vasya commented on 2023-03-28 15:22 (UTC) (edited on 2023-03-28 15:23 (UTC) by vasya)

Hey! There was a security vulnerability (actually even 3 of them) in openssl/Rust: - https://github.com/advisories/GHSA-9qwg-crg9-m2vc - https://github.com/advisories/GHSA-6hcf-g6gr-hhcr - https://github.com/advisories/GHSA-3gxf-9r58-2ghg

By default, this should not apply to rua as it uses rustls instead of native openssl. However, if you happen to override it manually, and if use the native-tls feature, please update the package to address the CVEs.

vasya commented on 2022-12-10 00:23 (UTC)

@yochananmarqos: let's see how it'll evolve. If more people will be stuck on rustup update, I'll check if I can specify an "higher-or-equal" version. For now I'll leave it as-is, which is "stable".

The link you've sent me for Rust packaging was very useful regardless BTW, thank you. It didn't exist at the time of rua's creation, and it's good to proof-read the PKGBUILD now.

yochananmarqos commented on 2022-12-10 00:09 (UTC)

@vasya: Maybe we're both misunderstanding each other.

Either one's toolchain is up to date or it's not. It has nothing to do with the AUR. I don't recommend pinning a version.

yochananmarqos commented on 2022-12-10 00:07 (UTC)

@vasya: Sorry, I guess I was wrong. I missed that @simona had not updated their toolchain and I see that solved it.

If you want to switch to nightly occasionally, you can. Just use export RUSTUP_TOOLCHAIN=nightly in the PKGBUILD instead to match upstream.

vasya commented on 2022-12-10 00:02 (UTC)

@yochananmarqos it's a bit more tricky than that I think. The project does specify it's toolchain, "stable", here: https://github.com/vn971/rua/blob/master/rust-toolchain.toml However, if you haven't updated your rustup in a while, your stable and my stable might differ. If raur really only works on the absolute latest version of the compiler, I guess I'll be forced to pin that specific version or later in that file.. I wasn't aware of it though, it's an unfortunate change.

simona commented on 2022-12-10 00:00 (UTC) (edited on 2022-12-10 00:00 (UTC) by simona)

solved with rustup update. thx.

yochananmarqos commented on 2022-12-09 23:58 (UTC)

@vasya: if export RUSTUP_TOOLCHAIN=stable was used per Rust package guidelines, things like that would not happen.

vasya commented on 2022-12-09 23:57 (UTC) (edited on 2022-12-09 23:58 (UTC) by vasya)

@simona, could you see if rustup update fixes the issue?

simona commented on 2022-12-09 23:54 (UTC)

rustup 1.25.1 (2022-11-01)