Hi Jelle, > * filebin - the package is not -git but does pull from git master, > ideally it would use #commit= and maybe verify the commit if it's > signed.
I've switched to `#tag=${pkgver}?signed` and `validpgpkeys`. Much better than a checkout in `prepare()`, thanks! > * srrdb-terminal-client is not reproducible at least not as you embed > the build date. Ah, correct. I've altered the date command to use `$SOURCE_DATE_EPOCH`, good to know that exists. > You can check if your package is reproducible by using `makerepropkg`. I'll have to implement that in my pipeline, but that is something for the weekend. Best Regards hashworks -- hashworks Web https://hashworks.net Public Key 0x4FE7F4FEAC8EBE67
pgp2Qcw7DsoEL.pgp
Description: OpenPGP digital signature