Package Details: stellarium 24.1-1

Git Clone URL: https://aur.archlinux.org/stellarium.git (read-only, click to copy)
Package Base: stellarium
Description: Software which renders realistic skies in real time with OpenGL
Upstream URL: https://stellarium.org
Licenses: GPL-2.0-or-later
Submitter: arojas
Maintainer: carlosal1015
Last Packager: carlosal1015
Votes: 67
Popularity: 3.64
First Submitted: 2022-04-01 18:43 (UTC)
Last Updated: 2024-03-27 23:45 (UTC)

Pinned Comments

carlosal1015 commented on 2023-02-01 18:12 (UTC) (edited on 2023-12-18 03:52 (UTC) by carlosal1015)

Hi @waldbaer59, the reason is that libindi reached version 2.0.0 and stellarium is not compatible.

We must wait the next release. See https://github.com/Stellarium/stellarium/issues/3038

carlosal1015 commented on 2022-11-01 05:22 (UTC)

Pre-built binaries of this package and its dependencies can be found in the arch4edu repository.

carlosal1015 commented on 2022-04-02 19:14 (UTC) (edited on 2022-07-07 16:46 (UTC) by carlosal1015)

Important note: Is recommended to receive the following key before to install:

$ gpg --recv-keys BF38D4D02A328DFF

Also is possible skip the verification, adding the flag for (e.g makepkg, yay) --skippgpcheck, --nopgpfetch, respectively.

Latest Comments

1 2 3 4 5 6 7 Next › Last »

CaliforniaCoach commented on 2024-02-04 15:30 (UTC)

@afontenot You are right, that line "weak-digest SHA1" is there in my gpg.conf. I have added it (in addition other lines) years ago, based on this article, but now did not think of it anymore; thank you for reminding me and pointing me to this my deviation from default behavior/configuration.

Nevertheless: Although using SHA1 for self-signatures of PGP keys is not insecure, i.e. SHA1's weakness not problematic for this particular purpose, I found many voices on the web claiming that SHA1 should generally not be used anymore for anything, or banned altogether. So it might be worth considering re-self-signing all keys anyway, found these useful instructions on how to achieve this (only in German unfortunately).

Thanks a lot for your help, and for providing Stellarium, I do love this beautiful program! <3

afontenot commented on 2024-01-30 04:22 (UTC)

@CaliforniaCoach: I'm almost certain you have weak-digest SHA1 set somewhere in your GPG config file. I haven't changed my config file (in fact I don't have one), and I have no issue with running gpg --verify -v stellarium-23.4.tar.gz.asc.

Check the Arch Wiki for some possible locations of these files.

You shouldn't need to allow weak digest algorithms, because according to GPG documentation, "MD5 is the only digest algorithm considered weak by default."

CaliforniaCoach commented on 2024-01-21 14:18 (UTC) (edited on 2024-01-21 14:19 (UTC) by CaliforniaCoach)

Coming back to my problem from 2023-10-07: I am still having the same issue, makepkg still aborts with an error "One or more PGP signatures could not be verified" (yeah, I know, I could skip the check with --skippgpcheck, but it does not feel good and lowers security).

My outputs of gpg --verify ... from 2023-10-07 are still (almost) the same, sig check fails with standard options and passes with --allow-weak-digest-algos option. Using newer gpg version 2.4.3 this time, though.

I think it would be easy to fix it on your (or Alexander Wolf's) side, you (or Alexander) would just have to (cross-)sign the keys again with the proper algos (other than SHA-1), and an up-to-date gpg version. I also found this related article: https://www.gnupg.org/faq/subkey-cross-certify.html

Could you do so, please?

grg3 commented on 2023-12-24 14:49 (UTC) (edited on 2023-12-24 14:50 (UTC) by grg3)

I am getting stuck here when compiling:

[65/934] Building CXX object plugins/Exoplanets/src/CMakeFiles/Exoplanets-static.dir/Exoplanets-static_autogen/mocs_compilation.cpp.o ninja: build stopped: subcommand failed. ==> ERROR: A failure occurred in build(). Aborting... error: failed to build 'stellarium-23.4-4': error: packages failed to build: stellarium-23.4-4

carlosal1015 commented on 2023-12-23 22:39 (UTC)

Alright, nlopt is a dependency.

kakonema commented on 2023-12-23 17:50 (UTC) (edited on 2023-12-23 17:50 (UTC) by kakonema)

stellarium wouldn't start because of missing libnlopt.so.0, so i guess it depends on nlopt package

unphysicalix commented on 2023-12-17 20:37 (UTC) (edited on 2023-12-17 22:17 (UTC) by unphysicalix)

Hi. I had to rebuild stellarium since I ran across the same startup-error as this guy: https://www.indilib.org/forum/ccds-dslrs/14096-asi-driver-crashed-with-symbol-lookup-error.html so I guess, my INDI-library also updated since the last time I successfully used stellarium. (I also rebuilt calcmysky, not sure if that was necessary.) works again. Greetings

vishvas commented on 2023-10-08 04:40 (UTC)

I get :

 -> Failed to install the following packages. Manual intervention is required:
stellarium - exit status 1

CaliforniaCoach commented on 2023-10-07 13:39 (UTC) (edited on 2023-10-07 13:39 (UTC) by CaliforniaCoach)

@carlosal1015 I tried, but same result. Note: To import the key from the key server you suggested, I had to give gpg the option "--allow-weak-digest-algos", too.

So as far as I can see, I got the right key into my local gpg database, no problem (although I had to use "--allow-weak-digest-algos" to allow SHA-1 for importing the key). But the problem is that "makepkg" still does not allow that SHA-1 signature/key and rejects the sig check.

Note: I use gpg version 2.2.41:

$ gpg --version
gpg (GnuPG) 2.2.41
libgcrypt 1.10.2-unknown
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/bernd/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

CaliforniaCoach commented on 2023-10-07 13:31 (UTC)

If I do it with additional option "--allow-weak-digest-algos" for gpg, it works. Don't know if it is possible to somehow tell "makepkg" to allow SHA-1 accordingly?

$ gpg --verify -v --allow-weak-digest-algos stellarium-23.3.tar.gz.asc stellarium-23.3.tar.gz
gpg: enabled compatibility flags:
gpg: Signature made Mon 25 Sep 2023 03:12:04 PM CEST
gpg:                using RSA key F57F309D74C9A94E2B6AA5D09380E47C0374E169
gpg: using subkey 9380E47C0374E169 instead of primary key BF38D4D02A328DFF
gpg: using subkey 9380E47C0374E169 instead of primary key BF38D4D02A328DFF
gpg: using pgp trust model
gpg: Good signature from "Alexander Wolf <alex.v.wolf@gmail.com>" [unknown]
gpg: using subkey 9380E47C0374E169 instead of primary key BF38D4D02A328DFF
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7915 1C2E 6351 E727 8DA1  A730 BF38 D4D0 2A32 8DFF
     Subkey fingerprint: F57F 309D 74C9 A94E 2B6A  A5D0 9380 E47C 0374 E169
gpg: binary signature, digest algorithm SHA512, key algorithm rsa1024