Arch Linux User Repository

To install the package first import jaromil PGP key:

gpg --recv-keys 6113D89CA825C5CEDD02C87273B35DA54ACB7D10

Alternatively add keyserver-options auto-key-retrieve to your ~/.gnupg/gpg.conf.

This key can also be found on https://keybase.io/jaromil

@DaveCode: Yeah, this PKGBUILD is really weird, I only adopted it to at least bring it up to date. As you've pointed out, there are still plenty of fixes it needs. I don't have the time right now to work on this, would you be willing to take over maintainership?

BTW I don't have wipe installed and it may be optdepends. Do $ cat src/Tomb-1.5.2/Makefile which says wipe is just "recommended" not required.

1. Same err as 2014-01-05 04:16 showing tomb-kdf twice. Best guess, this PKGBUILD breaks AUR guidelines. It lacks a single package() function. It's two packages, not one. It seems to want tomb-kdf as a "shadow package," not kosher. What the heck is true && pkgname=(tomb tomb-kdf) supposed to do? Split into tomb-kdf and tomb separately or merge completely somehow under ONE package name. If the previous maintainer's work was your baseline, it would be easier to start from scratch using info from https://wiki.archlinux.org/index.php/creating_packages https://wiki.archlinux.org/index.php/Arch_packaging_standards https://wiki.archlinux.org/index.php/PKGBUILD https://wiki.archlinux.org/index.php/PKGBUILD_Templates https://wiki.archlinux.org/index.php/VCS_PKGBUILD_Guidelines 2. Oh my...he only signs checksums. Checksums are easy to spoof with mere code comments. Tell jaromil. He needs to sign the tarballs not their checksums. Right now the PKGBUILD doesn't even check a SHA sig, does it? There's a comment in there about his key, but nothing is done with it? https://wiki.archlinux.org/index.php/makepkg#Signature_checking

@DaveCode: 1) I don't get this error, either by using makepkg or by using pacaur. Namcap doesn't report any errors like this either. I'm not sure how I can troubleshoot this on my end. Is there any more detail you can provide? 2) Check the available files here [1], they don't provide a signature for the tarball itself, only the checksum file. Unless there is one available somewhere else? [1] https://files.dyne.org/tomb/

Thanks for adoption. Issues, 1. Dup target in pacaur when done building pkg and tries to install. error: '/blah/bleh/foo/pacaurtmp-root/tomb/tomb-kdf-1.5.2-1-x86_64.pkg.tar.xz': duplicate target 2. PKGBUILD should verify gpg sig on download tarball, not just sha sums, a security pkg merits full treatment.

I've adopted this package and updated it to the current version, 1.5.2.

The past couple pastebins are expired, so I updated the PKGBUILD myself for the current version (v1.5.2) and have it here: https://gist.github.com/richli/9224088

Here's what tried to run # tail -n 1 /var/log/pacman.log [PACMAN] Running '/usr/bin/pacman -U /tmp/XDG_CACHE_HOME_root/pacaurtmp-root/tomb/tomb-1.4-2-any.pkg.tar.xz /tmp/XDG_CACHE_HOME_root/pacaurtmp-root/tomb/tomb-kdf-1.4-2-x86_64.pkg.tar.xz /tmp/XDG_CACHE_HOME_root/pacaurtmp-root/tomb/tomb-kdf-1.4-2-x86_64.pkg.tar.xz'

Voted. Failure report on x86_64: public key glitch and dup target. http://pastebin.archlinux.fr/486221

i'm sorry! i didn't get the sha verification messages! i'm testing boyska modifications and i'll upload the new pkgrel afterwards :)