This AUR Biuld is frustating.
[werner@zeus Downloads]$ sha256sum vuex6497.tgz 250396fdce34991e79102121d1e3f1efa8a044e49f0b464731cea136014b31e2
Git Clone URL: | https://aur.archlinux.org/vuescan-bin.git (read-only, click to copy) |
---|---|
Package Base: | vuescan-bin |
Description: | A powerful proprietary scanning tool developed by Hamrick Software |
Upstream URL: | https://www.hamrick.com/ |
Keywords: | scanning |
Licenses: | custom |
Submitter: | ninian |
Maintainer: | FabioLolix |
Last Packager: | FabioLolix |
Votes: | 48 |
Popularity: | 0.89 |
First Submitted: | 2015-08-28 21:59 (UTC) |
Last Updated: | 2023-05-07 22:26 (UTC) |
This AUR Biuld is frustating.
[werner@zeus Downloads]$ sha256sum vuex6497.tgz 250396fdce34991e79102121d1e3f1efa8a044e49f0b464731cea136014b31e2
Latest sha256sums (generate by running makepkg --geninteg against the package):
sha256sums='6dbe377ee83561ef0b12fec64dadb5c81beb1f9ee274284c09184366bad1a6d6'
'a536feed770fa379b3ea0147721a74ad5f19db493c098eec570d363b70f0847d'
'211d104dc5e23530298d25ef0ae3760863b3f97113a1e80b228c866f576381ef)
sha256sums_i686='2d8184cf617655e71ae68598eebec8926effd77c19a86e242d4e620cddf00007')
sha256sums_x86_64='56231e08bf86351cb8373996e08506db859f3dc88ad054eca2be29666795e613')
sha256sums_armv6h='34dfbf7effc140fec648175036e86fe061a27262b3f35fb002db1a44cc4995a2')
sha256sums_aarch64='d0bfb158300865b2db46362f41870aece95f45e9eb998ef2326ae072d68a2d10')
I've some errors:
==> Checking source_x86_64 files with sha256sums... vuescan-bin-x64-2020-07-03-01-55.tgz ... FAIL ==> ==> ERROR: One or more files are invalid! error downloading sources: vuescan-bin
This package is a chore for any package maintainer because of the frequent updates and the way it is distributed.
@FabioLolix, I'd just go ahead and maintain this like a git package, skipping the checksums and generating the pkgver automatically. Then users can just update the package from the AUR whenever they feel the urge to do so. I've uploaded a PKGBUILD which does this here: https://gist.github.com/agraef/69f9c18b9a520059ce22ec4b1ba8a652
Note that this uses wget and grep/sed to extract the current version number from the author's website. This might need tweaking when the layout of https://www.hamrick.com/alternate-versions.html changes.
Man, this package is nearly unmaintained. Checksums don't match, updates need fresh install and so on. Worst maintainer.
at the very least, all URLs should be HTTPS-based
skipping the signature is no option, honestly.
@emmerkar I think it probably has to have SKIP for the sha256sum for the package tar file unless it is going to be updated every release which has not been the case in the past.
sha256ssum for x86-64 package should be upgraded to 504769596aaebe61808daf08e603ccbf06582e6b909ef7390c141098e23b26b2
source_i686=("$pkgname-x32-$(date +%F-%H-%M).tgz::http://www.hamrick.com/files/vuex3297.tgz") source_x86_64=("$pkgname-x64-$(date +%F-%H-%M).tgz::http://www.hamrick.com/files/vuex6497.tgz")
still using HTTP for x86/x86_64. Signature skipping is insecure.
Pinned Comments
FabioLolix commented on 2022-07-22 19:20 (UTC)
THE PKGBUILD IS NOW CONSIDERED LIKE A VCS ONE, THIS MEAN IT WILL NOT BE BUMPED FOR EVERY VERSION, REPORT ONLY BUILD PROBLEMS NOT NEW VERSIONS!!
THE PKGBUILD IS NOW CONSIDERED LIKE A VCS ONE, THIS MEAN IT WILL NOT BE BUMPED FOR EVERY VERSION, REPORT ONLY BUILD PROBLEMS NOT NEW VERSIONS!!
THE PKGBUILD IS NOW CONSIDERED LIKE A VCS ONE, THIS MEAN IT WILL NOT BE BUMPED FOR EVERY VERSION, REPORT ONLY BUILD PROBLEMS NOT NEW VERSIONS!!
FabioLolix commented on 2022-06-11 18:18 (UTC)
OCR is only available for the professional edition, OCR files should be splitted to a separate pkgbuild? Send your opinion at my email
FabioLolix commented on 2022-03-25 16:26 (UTC) (edited on 2024-04-23 17:04 (UTC) by FabioLolix)
The pkgbuild is now considered like a VCS one, this mean it will NOT be bumped for every version, report ONLY build problems not new versions.
Complainers who can't read: 16
Rebuild!