From nobody at parabola.nu Fri Nov 4 18:26:24 2022 From: nobody at parabola.nu (Parabola Website Notification) Date: Fri, 04 Nov 2022 18:26:24 -0000 Subject: [Dev] Orphan Pcr package [bdf-unifont] marked out-of-date Message-ID: <20221104182624.3710385.6463@winston.parabola.nu> wael at waelk.tech wants to notify you that the following packages may be out-of-date: * bdf-unifont 14.0.04-1 [pcr] (armv7h): https://parabolagnulinux.org/packages/pcr/armv7h/bdf-unifont/ * bdf-unifont 14.0.04-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/bdf-unifont/ * bdf-unifont 14.0.04-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/bdf-unifont/ * hex-unifont 14.0.04-1 [pcr] (armv7h): https://parabolagnulinux.org/packages/pcr/armv7h/hex-unifont/ * hex-unifont 14.0.04-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/hex-unifont/ * hex-unifont 14.0.04-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/hex-unifont/ * otf-unifont 14.0.04-1 [pcr] (armv7h): https://parabolagnulinux.org/packages/pcr/armv7h/otf-unifont/ * otf-unifont 14.0.04-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/otf-unifont/ * otf-unifont 14.0.04-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/otf-unifont/ * pcf-unifont 14.0.04-1 [pcr] (armv7h): https://parabolagnulinux.org/packages/pcr/armv7h/pcf-unifont/ * pcf-unifont 14.0.04-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/pcf-unifont/ * pcf-unifont 14.0.04-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/pcf-unifont/ * psf-unifont 14.0.04-1 [pcr] (armv7h): https://parabolagnulinux.org/packages/pcr/armv7h/psf-unifont/ * psf-unifont 14.0.04-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/psf-unifont/ * psf-unifont 14.0.04-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/psf-unifont/ * ttf-unifont 14.0.04-1 [pcr] (armv7h): https://parabolagnulinux.org/packages/pcr/armv7h/ttf-unifont/ * ttf-unifont 14.0.04-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/ttf-unifont/ * ttf-unifont 14.0.04-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/ttf-unifont/ * unifont-utils 14.0.04-1 [pcr] (armv7h): https://parabolagnulinux.org/packages/pcr/armv7h/unifont-utils/ * unifont-utils 14.0.04-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/unifont-utils/ * unifont-utils 14.0.04-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/unifont-utils/ The user provided the following additional text: Patches have been sent to the mailing list on October 25th to bump the version up to 15.0.01 From wael at waelk.tech Fri Nov 4 18:37:59 2022 From: wael at waelk.tech (Wael Karram) Date: Fri, 04 Nov 2022 20:37:59 +0200 Subject: [Dev] [GMID] Package update Message-ID: <3858e0dc4007284b6cfc11aafd63b6f2e320b14b.camel@waelk.tech> Hello, Upstream published a new version a few days ago, I've attached the updated PKGBUILD. -- Kind Regards, Wael Karram. -------------- next part -------------- # Maintainer (aur): Andrea Feletto # Maintainer: Wael Karram # Contributor: bill-auger # parabola changes and rationale: # - delete unlicensed files # - add openrc service files pkgname=gmid pkgver=1.8.5 pkgrel=1 pkgdesc='Fast Gemini server written with security in mind.' arch=('x86_64') arch+=('i686' 'armv7h') url='https://gmid.omarpolo.com' license=('custom:ISC') install=${pkgname}.install backup=(etc/conf.d/${pkgname} etc/${pkgname}.conf) depends=('libretls' 'libevent') mksource=(https://github.com/omar-polo/${pkgname}/releases/download/${pkgver}/${pkgname}-${pkgver}.tar.gz) source=( https://repo.parabola.nu/other/${pkgname}-libre/${pkgname}-libre-${pkgver}.tar.xz{,.sig} "gmid.service" "gmid.sysusers" "gmid.confd" "gmid.initd" "gmid.conf" "index.gmi" ) mksha256sums=('c5fd6e5bb411a7baafe0b12b2e2bff35ea47231eff803c00c94e78f2bec3f82c') sha256sums=( 'bbdf37162add9be254dfd857f69595b5fe882a8a30647d62e7a030c2e2c87c5c' 'SKIP' '946de0766343225068a0e3f38cb39a4a93ef312525dd775226b938cd08706b94' '4d943727a57dbf5f246963c0f90ccc54919cc2296538457e6b16f29f7580d9d6' 'eddbe93741d01077426bc0239db42815c75a0da5191b4e6528df60ae3e0e5bb3' 'f396c7db961c45ddb8e48acf42708b3faf9df2a3eaa56f30d9e64d4de0971e88' '7acf491fee5f2693b30666b1f2c6eb0a4db33e9ef3154e1cbfb62186c6fa7be6' '361cd4ef2b47437b0f5729d56d0ef88851e56812ab88546c82cda0092fe86139' ) validpgpkeys=('3954A7AB837D0EA9CFA9798925DB7D9B5A8D4B40') # bill-auger # NOTE: The files removed in mksource() are not actually present in this release # However, mksource() is retained for now, # because it is not certain that the files will be absent in the next release; # or perhaps their omission from this release was a happy accident. mksource() { cd "$srcdir/$pkgname-$pkgver" # Remove unlicensed files local nonfree_files=( contrib site ) for nonfree_file in "${nonfree_files[@]}" do if [[ -d ${nonfree_file} ]] then rm -r ${nonfree_file} else echo "cannot delete '${nonfree_file}' - mksource() needs re-working" return 1 fi done } build() { cd "$srcdir/$pkgname-$pkgver" MANDIR='usr/share/man/' ./configure --prefix='usr/' make } package() { cd "$srcdir" # Install the config and service files. install -Dm644 gmid.service -t "$pkgdir/usr/lib/systemd/system" install -Dm644 gmid.sysusers -t "$pkgdir/usr/lib/sysusers.d" install -Dm644 gmid.confd "$pkgdir/etc/conf.d/gmid" install -Dm755 gmid.initd "$pkgdir/etc/init.d/gmid" install -Dm644 gmid.conf "$pkgdir/etc/gmid.conf" # Install the program files. cd "$srcdir/$pkgname-$pkgver" make DESTDIR="$pkgdir/" install # Install the documentation files. install -Dm644 LICENSE -t "$pkgdir/usr/share/licenses/$pkgname" install -Dm644 README.md -t "$pkgdir/usr/share/doc/$pkgname" install -Dm644 ../index.gmi "$pkgdir/usr/share/doc/$pkgname/index.gmi" } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From nobody at parabola.nu Fri Nov 4 18:39:04 2022 From: nobody at parabola.nu (Parabola Website Notification) Date: Fri, 04 Nov 2022 18:39:04 -0000 Subject: [Dev] Orphan Pcr package [gmid] marked out-of-date Message-ID: <20221104183904.3710382.65041@winston.parabola.nu> wael at waelk.tech wants to notify you that the following packages may be out-of-date: * gmid 1.8.4-1 [pcr] (armv7h): https://parabolagnulinux.org/packages/pcr/armv7h/gmid/ * gmid 1.8.4-1 [pcr] (i686): https://parabolagnulinux.org/packages/pcr/i686/gmid/ * gmid 1.8.4-1 [pcr] (x86_64): https://parabolagnulinux.org/packages/pcr/x86_64/gmid/ The user provided the following additional text: Upstream released 1.8.5 on the first of November, I've sent the updated PKGBUILD to the dev mailing list. From nobody at parabola.nu Sat Nov 5 17:54:36 2022 From: nobody at parabola.nu (Parabola Website Notification) Date: Sat, 05 Nov 2022 17:54:36 -0000 Subject: [Dev] Orphan Libre package [pacman] marked out-of-date Message-ID: <20221105175436.3710384.12867@winston.parabola.nu> distorto at member.fsf.org wants to notify you that the following packages may be out-of-date: * pacman 6.0.1-4.parabola3 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/pacman/ * pacman 6.0.1-4.parabola3 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/pacman/ * pacman 6.0.1-4.parabola3 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/pacman/ * pacman-debug 6.0.1-4.parabola3 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/pacman-debug/ * pacman-debug 6.0.1-4.parabola3 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/pacman-debug/ * pacman-debug 6.0.1-4.parabola3 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/pacman-debug/ The user provided the following additional text: Needs rebuild against OpenSSL 3 From wael at waelk.tech Sun Nov 6 07:19:16 2022 From: wael at waelk.tech (Wael Karram) Date: Sun, 06 Nov 2022 09:19:16 +0200 Subject: [Dev] [PKGBUILD] Finger client, netkit BSD Message-ID: <1039aa1411b59f664240a62145f4739c7d0506b5.camel@waelk.tech> Hello, I've noticed the lack of a finger client in Parabola (even though there is a finger daemon, ffingerd). As such I've re-packaged one (patch attached to this email) based on the AUR package (which in turn is based on a Debian package and patchset). The only thing I'm not sure of is that the code uses the 4-clause BSD license, which is apparently incompatible with the GPL but should still be free software. I tried to look it up and understand if that still makes it FSDG-compliant (so long it's not linked against) and I think it should be OK but I lack enough knowledge to be 100% sure. The PKGBUILD itself has been kept mostly unchanged, except adding a contributor line and adding rewording the description to have "GNU/Linux" instead of "Linux". -- Kind Regards, Wael Karram. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Added-PKGBUILD-for-bsd-netkit-finger.patch Type: text/x-patch Size: 8367 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From dev at lists.parabola.nu Sun Nov 6 11:33:59 2022 From: dev at lists.parabola.nu (Parabola GNU/Linux-libre: Recent news updates: bill auger) Date: Sun, 06 Nov 2022 11:33:59 -0000 Subject: [Dev] [dev] systemd encrypted boot may be broken by upgrade (systemd-cryptsetup) - suggest to postpone upgrading Message-ID: <20221106113359.3710382.45449@winston.parabola.nu> until https://bugs.archlinux.org/task/76440 is resolved > FS#76440 : systemd-cryptsetup still refers to libcrypto.so.1.1 after upgrading to openssl3 URL: /news/systemd-encrypted-boot-may-be-broken-by-upgrade-systemd-cryptsetup-suggest-to-postpone-upgrading/ From wael at waelk.tech Mon Nov 7 14:50:59 2022 From: wael at waelk.tech (Wael Karram) Date: Mon, 07 Nov 2022 16:50:59 +0200 Subject: [Dev] [BREAKAGE][OPENSSL][FDE] OpenSSL3 deprecation of whirlpool breaking FDE on Libreboot Message-ID: <22ae5f9976d424fe27a29cff6214b57116dbbd72.camel@waelk.tech> Hello, As mentioned on issue 3368, OpenSSL upstream (issue 5118, github tracker) deprecated the whirlpool hash algorithm (currently a compile-time option). It seems that upstream (Arch) hasn't enabled the flag for it with OpenSSL3, this will cause un-bootable systems on all Libreboot systems that followed the guide on libreboot.org and/or the Parabola wiki for an FDE installation since 2018 at least. I've opened an issue in Libreboot's bug tracker: https://notabug.org/libreboot/lbmk/issues/126 But I do think it is a good idea if a news item gets posted about this. -- Kind Regards, Wael Karram. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From wael at waelk.tech Tue Nov 8 07:08:26 2022 From: wael at waelk.tech (Wael Karram) Date: Tue, 08 Nov 2022 09:08:26 +0200 Subject: [Dev] [NAEMON][PACKAGE] Packaged Naemon as a community-driven alternative to nagios Message-ID: <2b2aa5867164bab7807809af6ee1aa25fe71ad03.camel@waelk.tech> Hello, Seeing as Nagios is now mostly lead by corporations I decided to package the community fork Naemon since it seems to be the best-maintained and has some of the former core Nagios team on-board. Both of these are very useful to monitor server(s) from a web interface showing the status of different services. -- Kind Regards, Wael Karram. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Package-naemon-as-an-alternative-to-nagios-that-is-c.patch Type: text/x-patch Size: 6132 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From nobody at parabola.nu Tue Nov 8 07:14:04 2022 From: nobody at parabola.nu (Parabola Website Notification) Date: Tue, 08 Nov 2022 07:14:04 -0000 Subject: [Dev] Orphan Libre package [freecad] marked out-of-date Message-ID: <20221108071404.3710382.40045@winston.parabola.nu> martin at libtec.org wants to notify you that the following packages may be out-of-date: * freecad 0.20.1-5.parabola1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/freecad/ * freecad 0.20.1-5.parabola1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/freecad/ The user provided the following additional text: The freecad executable is linked to libboost 1.79.0, which is not longer available: $ freecad freecad: error while loading shared libraries: libboost_filesystem.so.1.79.0: cannot open shared object file: No such file or directory From avalos at disroot.org Sat Nov 12 20:35:15 2022 From: avalos at disroot.org (=?ISO-8859-1?Q?Iv=E1n_=C1valos?=) Date: Sat, 12 Nov 2022 14:35:15 -0600 Subject: [Dev] PKGBUILD updated for epiphany (43.0) Message-ID: Hello! It's been a month since epiphany 43.0 was released. Here's the updated PKGBUILD, no repatching was needed. I tested with libretools, of course. -------------- next part -------------- # Maintainer (arch): Jan Alexander Steffens (heftig) # Contributor: Jan de Groot # Maintainer: Omar Vega Ramos # Contributor: Isaac David # Contributor: Iv?n ?valos # Contributor: Andr? Silva # Contributor: M?rcio Silva # parabola changes and rationale: # - rebranded to parabola # - switched default searchengine to duckduckgo # - removed useless dependency on icu because it's not # used at runtime according to readelf -d # - pin to sodeps pkgname=epiphany pkgver=43.0 pkgrel=1 pkgrel+=.parabola1 pkgdesc="A GNOME web browser based on the WebKit rendering engine" pkgdesc+=", with DuckDuckGo-HTML search" url="https://wiki.gnome.org/Apps/Web" arch=(x86_64) arch+=(i686 armv7h) license=(GPL) depends=(webkit2gtk-4.1 gcr icu libdazzle libhandy libarchive libportal-gtk3 libsoup3) depends=( $( sed 's| icu | |' <<<${depends[@]} ) ) depends+=(libhogweed.so) makedepends=(docbook-xml startup-notification lsb-release gobject-introspection yelp-tools git meson) checkdepends=(xorg-server-xvfb aspell hspell hunspell nuspell libvoikko) groups=(gnome) _commit=e5882e2b1fa040fbe6494ee9808591046a6eafa5 # tags/43.0^0 source=("git+https://gitlab.gnome.org/GNOME/epiphany.git#commit=$_commit") source+=(libre.patch) sha256sums=('SKIP') sha256sums+=('bf1dd1692ec9f94f8fc669a5ee71dd811d6083465dbb197e3fcc64e2aaf2f709') # check() requires networking _run_check=0 pkgver() { cd $pkgname git describe --tags | sed 's/[^-]*-g/r&/;s/-/+/g' } prepare() { cd $pkgname echo "applying libre.patch" patch -Np1 -i ../libre.patch } build() { arch-meson $pkgname build meson compile -C build } check() { (( _run_check )) || ! echo "skipping check()" || return 0 dbus-run-session xvfb-run -s '-nolisten local' \ meson test -C build --print-errorlogs } package() { meson install -C build --destdir "$pkgdir" } From pagure at pagure.io Tue Nov 15 04:15:40 2022 From: pagure at pagure.io (=?utf-8?q?Courtney_Swagar?=) Date: Tue, 15 Nov 2022 04:15:40 +0000 (GMT) Subject: [Dev] =?utf-8?q?=5Babslibre=5D_PR_=2365=3A_updpkg=3A_libre/icewe?= =?utf-8?q?asel_107=2E0?= Message-ID: commodorecrunch opened a new pull-request against the project: `abslibre` that you are following: `` updpkg: libre/iceweasel 107.0 `` To reply, visit the link below or just reply to this email https://pagure.io/abslibre/pull-request/65 From nobody at parabola.nu Sat Nov 19 09:00:52 2022 From: nobody at parabola.nu (Parabola Website Notification) Date: Sat, 19 Nov 2022 09:00:52 -0000 Subject: [Dev] Orphan Libre package [linux-libre-hardened] marked out-of-date Message-ID: <20221119090052.3710385.41100@winston.parabola.nu> feonq at tutanota.com wants to notify you that the following packages may be out-of-date: * linux-libre-hardened 5.18.12.hardened1-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/linux-libre-hardened/ * linux-libre-hardened-docs 5.18.12.hardened1-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/linux-libre-hardened-docs/ * linux-libre-hardened-headers 5.18.12.hardened1-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/linux-libre-hardened-headers/ The user provided the following additional text: https://linux-libre.fsfla.org/pub/linux-libre/releases/LATEST-6.0.N/ From nobody at parabola.nu Sun Nov 20 21:50:47 2022 From: nobody at parabola.nu (Parabola Website Notification) Date: Sun, 20 Nov 2022 21:50:47 -0000 Subject: [Dev] Orphan Libre package [icecat] marked out-of-date Message-ID: <20221120215047.3710385.92214@winston.parabola.nu> play1997 at gmx.de wants to notify you that the following packages may be out-of-date: * icecat 102.2.0_gnu0_pre1-1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/icecat/ * icecat 102.2.0_gnu0_pre1-1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/icecat/ * icecat 102.2.0_gnu0_pre1-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/icecat/ The user provided the following additional text: Hi! Can you please update to version 102.5.0? Thank you! From nobody at parabola.nu Sun Nov 20 21:55:32 2022 From: nobody at parabola.nu (Parabola Website Notification) Date: Sun, 20 Nov 2022 21:55:32 -0000 Subject: [Dev] Orphan Libre package [linux-libre-lts] marked out-of-date Message-ID: <20221120215532.3710385.75377@winston.parabola.nu> play1997 at gmx.de wants to notify you that the following packages may be out-of-date: * linux-libre-lts 5.15.41-1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/linux-libre-lts/ * linux-libre-lts 5.15.72-1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/linux-libre-lts/ * linux-libre-lts 5.15.72-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/linux-libre-lts/ * linux-libre-lts-docs 5.10.19-1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/linux-libre-lts-docs/ * linux-libre-lts-docs 5.15.72-1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/linux-libre-lts-docs/ * linux-libre-lts-docs 5.15.72-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/linux-libre-lts-docs/ * linux-libre-lts-headers 5.15.41-1 [libre] (armv7h): https://parabolagnulinux.org/packages/libre/armv7h/linux-libre-lts-headers/ * linux-libre-lts-headers 5.15.72-1 [libre] (i686): https://parabolagnulinux.org/packages/libre/i686/linux-libre-lts-headers/ * linux-libre-lts-headers 5.15.72-1 [libre] (x86_64): https://parabolagnulinux.org/packages/libre/x86_64/linux-libre-lts-headers/ The user provided the following additional text: Hi! Can you please update to version 5.15.79? Thank you! From bill-auger at peers.community Sun Nov 27 14:20:31 2022 From: bill-auger at peers.community (bill-auger) Date: Sun, 27 Nov 2022 09:20:31 -0500 Subject: [Dev] [UNIFONT] package update In-Reply-To: <12f568bd31d133489e19aa9417a0984bfdbaea6f.camel@waelk.tech> References: <12f568bd31d133489e19aa9417a0984bfdbaea6f.camel@waelk.tech> Message-ID: <20221127092031.622df092@parabola.localdomain> just to note that this PKGBUILD is still untidy > # source=("http://unifoundry.com/pub/unifont/unifont-$pkgver/unifont-$pkgver.tar.gz"{,.sig}) > source=("http://unifoundry.com/pub/unifont/unifont-$pkgver/unifont-$pkgver.tar.gz") > sha256sums=('7d11a924bf3c63ea7fdf2da2b96d6d4986435bedfd1e6816c8ac2e6db47634d5' > # 'SKIP') > ) > validpgpkeys=('95D2E9AB8740D8046387FD151A09227B1F435A33') # Paul Hardy so validpgpkeys is populated, but is will not be used - why does it not download a signature file; but suggests that it should? From wael at waelk.tech Sun Nov 27 15:48:23 2022 From: wael at waelk.tech (Wael Karram) Date: Sun, 27 Nov 2022 17:48:23 +0200 Subject: [Dev] [UNIFONT] package update In-Reply-To: <20221127092031.622df092@parabola.localdomain> References: <12f568bd31d133489e19aa9417a0984bfdbaea6f.camel@waelk.tech> <20221127092031.622df092@parabola.localdomain> Message-ID: <7d8df7ea7cbabcadbf4727e48e7a12410fecb272.camel@waelk.tech> On Sun, 2022-11-27 at 09:20 -0500, bill-auger wrote: > just to note that this PKGBUILD is still untidy > > > # > > source=("http://unifoundry.com/pub/unifont/unifont-$pkgver/unifont-$pkgver.t > > ar.gz"{,.sig}) > > source=(" > > http://unifoundry.com/pub/unifont/unifont-$pkgver/unifont-$pkgver.tar.gz") > > sha256sums=('7d11a924bf3c63ea7fdf2da2b96d6d4986435bedfd1e6816c8ac2e6db47634d > > 5' > > #???????????? 'SKIP') > > ??????????? ) > > validpgpkeys=('95D2E9AB8740D8046387FD151A09227B1F435A33') # Paul Hardy > > so validpgpkeys is populated, but is will not be used - why does it not > download a signature file; but suggests that it should? That has been left in from the upstream AUR package, I'll fix it in the next update - I'm thinking of re-writing the whole PKGBUILD. -- Kind Regards, Wael Karram. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From bill-auger at peers.community Mon Nov 28 10:33:27 2022 From: bill-auger at peers.community (bill-auger) Date: Mon, 28 Nov 2022 05:33:27 -0500 Subject: [Dev] [UNIFONT] package update In-Reply-To: <7d8df7ea7cbabcadbf4727e48e7a12410fecb272.camel@waelk.tech> References: <12f568bd31d133489e19aa9417a0984bfdbaea6f.camel@waelk.tech> <20221127092031.622df092@parabola.localdomain> <7d8df7ea7cbabcadbf4727e48e7a12410fecb272.camel@waelk.tech> Message-ID: <20221128053327.6a092457@parabola.localdomain> perhaps the upstream normally publishes signatures, but sometimes forgets - that would be a sensible reason for the maintainer to retain the disabled code - if most often, there will be no signature, i would delete the disabled code so, the obvious follow-up question being "does/will the upstream publish signatures?" From wael at waelk.tech Mon Nov 28 11:18:54 2022 From: wael at waelk.tech (Wael Karram) Date: Mon, 28 Nov 2022 13:18:54 +0200 Subject: [Dev] [UNIFONT] package update In-Reply-To: <20221127092031.622df092@parabola.localdomain> References: <12f568bd31d133489e19aa9417a0984bfdbaea6f.camel@waelk.tech> <20221127092031.622df092@parabola.localdomain> Message-ID: On Sun, 2022-11-27 at 09:20 -0500, bill-auger wrote: > just to note that this PKGBUILD is still untidy > > > # > > source=("http://unifoundry.com/pub/unifont/unifont-$pkgver/unifont-$pkgver.t > > ar.gz"{,.sig}) > > source=(" > > http://unifoundry.com/pub/unifont/unifont-$pkgver/unifont-$pkgver.tar.gz") > > sha256sums=('7d11a924bf3c63ea7fdf2da2b96d6d4986435bedfd1e6816c8ac2e6db47634d > > 5' > > #???????????? 'SKIP') > > ??????????? ) > > validpgpkeys=('95D2E9AB8740D8046387FD151A09227B1F435A33') # Paul Hardy > > so validpgpkeys is populated, but is will not be used - why does it not > download a signature file; but suggests that it should? I figure it is there to verify that the signature matches what it should be. It does compile without that though, but according to arch wiki I can't find how to force verification. Am I missing something here? Relevant Arch Wiki section: https://wiki.archlinux.org/title/Pkgbuild#validpgpkeys Additionally I thought we can do without it, but the download is done over HTTP and not HTTPS, so realistically it is better to verify that the signature matches what we expect it to be before it is used to verify the downloaded source files. -- Kind Regards, Wael Karram. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From bill-auger at peers.community Mon Nov 28 11:30:19 2022 From: bill-auger at peers.community (bill-auger) Date: Mon, 28 Nov 2022 06:30:19 -0500 Subject: [Dev] [UNIFONT] package update In-Reply-To: References: <12f568bd31d133489e19aa9417a0984bfdbaea6f.camel@waelk.tech> <20221127092031.622df092@parabola.localdomain> Message-ID: <20221128063019.4c306ae3@parabola.localdomain> On Mon, 28 Nov 2022 13:18:54 +0200 Wael wrote: > I can't find how to force verification. it is automatic - if validpgpkeys is populated, any source=() files with an associated .asc or .sig will be verified On Mon, 28 Nov 2022 13:18:54 +0200 Wael wrote: > Additionally I thought we can do without it, but the download is done over HTTP > and not HTTPS encryption is not a significant factor signatures are always optional, because most projects do not publish them; but signatures should be verified whenever the upstream does publish them From wael at waelk.tech Mon Nov 28 11:48:29 2022 From: wael at waelk.tech (Wael Karram) Date: Mon, 28 Nov 2022 13:48:29 +0200 Subject: [Dev] [UNIFONT] package update In-Reply-To: <20221128063019.4c306ae3@parabola.localdomain> References: <12f568bd31d133489e19aa9417a0984bfdbaea6f.camel@waelk.tech> <20221127092031.622df092@parabola.localdomain> <20221128063019.4c306ae3@parabola.localdomain> Message-ID: <540907cae62e00680cd4be80e7678382f53804c6.camel@waelk.tech> On Mon, 2022-11-28 at 06:30 -0500, bill-auger wrote: > On Mon, 28 Nov 2022 13:18:54 +0200 Wael wrote: > > I can't find how to force verification. > > it is automatic - if validpgpkeys is populated, any > source=() files with an associated .asc or .sig will be verified > > > On Mon, 28 Nov 2022 13:18:54 +0200 Wael wrote: > > Additionally I thought we can do without it, but the download is done over > > HTTP > > and not HTTPS > > encryption is not a significant factor > > signatures are always optional, because most projects do not > publish them; but signatures should be verified whenever the > upstream does publish them Then in this case I guess it should be left in, right? I've just checked the PGP key again and it matches what the upstream has published. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: From pagure at pagure.io Wed Nov 30 12:35:28 2022 From: pagure at pagure.io (=?utf-8?q?Grizzly_User?=) Date: Wed, 30 Nov 2022 12:35:28 +0000 (GMT) Subject: [Dev] =?utf-8?q?=5Babslibre=5D_PR_=2366=3A_libre/iceweasel=3A_up?= =?utf-8?q?date_to_107=2E0=2E1=2C_sync_with_upstream=2C_cleanup?= Message-ID: grizzlyuser opened a new pull-request against the project: `abslibre` that you are following: `` libre/iceweasel: update to 107.0.1, sync with upstream, cleanup `` To reply, visit the link below or just reply to this email https://pagure.io/abslibre/pull-request/66