[arch-dev-public] WARNING: Qt 4.8 removal
Hi, I just removed the qt package and the qtwebkit one from [testing]. You already know the reason, if you don't, see [1]. The Qt team has not a public release schedule and we cannot wait the final release anymore. You can downgrade to Qt 4.7 using `pacman -Syuu`. Qtwebkit conflicts with Qt 4.7, then we do not expect any problem here. The packages which depend on qtwebkit have been removed too. Cheers [1] http://mailman.archlinux.org/pipermail/arch-dev-public/2011- November/022064.html -- Andrea
Re: [arch-dev-public] sign packages on alderaan
On 12 November 2011 08:04, Ionut Biru wrote: > On 11/12/2011 01:59 AM, Dan McGee wrote: >> On Fri, Nov 11, 2011 at 5:56 PM, Ionut Biru wrote: >>> On 11/12/2011 01:43 AM, Ray Rashif wrote: On 12 November 2011 07:35, Dan McGee wrote: > On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif wrote: >> On 31 October 2011 02:06, Florian Pritz wrote: >>> So far the only solution is to download the finished package, sign it >>> locally using gpg --detach-sign and then uploading the signature >>> back to pkgbuild.com so commitpkg will find it. >> >> Did something change WRT this workflow now? I'm getting >> signature-incorrect from commitpkg. I did sign like this 2 times >> before (opencv and cinelerra-cv), so it did work recently. gpg >> --verify outputs: >> >> gpg: Can't check signature: public key not found >> >> But this is normal, and the public key was not there for the previous >> 2 times. Or was gpg --verify not there in commitpkg before? Do I now >> need to import my public key on alderaan? > > Is your key in your keychain on alderaan? Probably not from what this > looks like. Easy to check- `gpg --list-keys 0xfoobar`. > > -Dan > Nope. That was what I was asking - whether I need to add it. The last 2 times that I pushed signed packages from alderaan I didn't do anything gpg-related remotely. Anyway, imported the key now so all is good again. -- GPG/PGP ID: C0711BF1 >>> >>> don't import any key on alderaan. >> >> Hmm? >> >> He is trying to *verify*, meaning he needs his *public* key. This has >> nothing to do with signing or private keys. It make a heck of a lot >> more sense bandwidth-wise for him to upload the signature file to >> alderaan than upload both the package and signature from his local >> machine, so why should he not be able to do that? The `gpg --verify` >> call is there to make sure developers don't accidentally upload >> mismatched packages and corresponding signature files, which could >> easily happen when doing test builds and --nosign, etc. >> >> -Dan > > > well, i understood that he signed the package on alderaan... Then you misunderstood. My reply to the topic meant I was referring to the only workaround to "sign packages on alderaan", which is to build, download packages, sign locally, upload signatures, and then push wholesale. I followed that process on 2 previous occasions and there was no complaint even when there was no public key on the remote machine, but this time commitpkg complained about the signatures. So I only wanted to know whether I did anything wrong. Anyway, it's now evident that the verification was not there before. Importing a public key poses no risk (done with --recv-keys), so there is also no need to change anything in commitpkg. -- GPG/PGP ID: C0711BF1
[arch-dev-public] Signoff report for [testing]
=== Signoff report for [testing] === https://www.archlinux.org/packages/signoffs/ There are currently: * 12 new packages in last 24 hours * 1 known bad package * 2 packages not accepting signoffs * 20 fully signed off packages * 102 packages missing signoffs * 20 packages older than 14 days (Note: the word 'package' as used here refers to packages as grouped by pkgbase, architecture, and repository; e.g., one PKGBUILD produces one package per architecture, even if it is a split package.) == New packages in [testing] in last 24 hours (12 total) == * glib2-2.30.2-1 (i686) * kernel26-lts-2.6.32.48-1 (i686) * linux-3.1.1-1 (i686) * run-parts-4.0.4-1 (i686) * glib2-2.30.2-1 (x86_64) * kernel26-lts-2.6.32.48-1 (x86_64) * linux-3.1.1-1 (x86_64) * run-parts-4.0.4-1 (x86_64) * nouveau-drm-lts-0.0.16_20100313-7 (i686) * nvidia-lts-285.05.09-2 (i686) * nouveau-drm-lts-0.0.16_20100313-7 (x86_64) * nvidia-lts-285.05.09-2 (x86_64) == Incomplete signoffs for [core] (26 total) == * glib2-2.30.2-1 (i686) 0/2 signoffs * heirloom-mailx-12.5-3 (i686) 1/2 signoffs * isdn4k-utils-3.2p1-7 (i686) 1/2 signoffs * jfsutils-1.1.15-3 (i686) 1/2 signoffs * kernel26-lts-2.6.32.48-1 (i686) 1/2 signoffs * librpcsecgss-0.19-7 (i686) 0/2 signoffs * linux-atm-2.5.2-1 (i686) 0/2 signoffs * ppp-2.4.5-3 (i686) 0/2 signoffs * pptpclient-1.7.2-4 (i686) 0/2 signoffs * reiserfsprogs-3.6.21-4 (i686) 0/2 signoffs * rfkill-0.4-3 (i686) 1/2 signoffs * rpcbind-0.2.0-5 (i686) 1/2 signoffs * run-parts-4.0.4-1 (i686) 1/2 signoffs * sdparm-1.06-2 (i686) 1/2 signoffs * xfsprogs-3.1.6-1 (i686) 0/2 signoffs * glib2-2.30.2-1 (x86_64) 0/2 signoffs * isdn4k-utils-3.2p1-7 (x86_64) 1/2 signoffs * jfsutils-1.1.15-3 (x86_64) 1/2 signoffs * kernel26-lts-2.6.32.48-1 (x86_64) 1/2 signoffs * librpcsecgss-0.19-7 (x86_64) 0/2 signoffs * linux-atm-2.5.2-1 (x86_64) 0/2 signoffs * ppp-2.4.5-3 (x86_64) 1/2 signoffs * pptpclient-1.7.2-4 (x86_64) 1/2 signoffs * reiserfsprogs-3.6.21-4 (x86_64) 0/2 signoffs * run-parts-4.0.4-1 (x86_64) 0/2 signoffs * xfsprogs-3.1.6-1 (x86_64) 0/2 signoffs == Incomplete signoffs for [extra] (74 total) == * namcap-3.2.1-1 (any) 0/2 signoffs * qt-doc-4.8.0rc1-1 (any) 0/2 signoffs * alex-2.3.5-1.3 (i686) 1/2 signoffs * alsa-plugins-1.0.24-3 (i686) 0/2 signoffs * amarok-2.4.3-2 (i686) 0/2 signoffs * audacious-plugins-3.1-4 (i686) 0/2 signoffs * avidemux-2.5.5-5 (i686) 0/2 signoffs * blender-3:2.60a-2 (i686) 0/2 signoffs * cabal-install-0.10.2-1.1 (i686) 1/2 signoffs * cmus-2.4.2-2 (i686) 0/2 signoffs * ffmpeg-2008-1 (i686) 0/2 signoffs * ffmpegthumbnailer-2.0.7-2 (i686) 0/2 signoffs * gegl-0.1.6-2 (i686) 0/2 signoffs * gstreamer0.10-ugly-0.10.18-4 (i686) 0/2 signoffs * happy-1.18.6-1.2 (i686) 1/2 signoffs * jack-0.121.3-2 (i686) 0/2 signoffs * k3b-2.0.2-3 (i686) 0/2 signoffs * kdelibs-4.7.3-2 (i686) 0/2 signoffs * kdemultimedia-4.7.3-2 (i686) 0/2 signoffs * kradio-4.0.2-2 (i686) 0/2 signoffs * kwebkitpart-1.2.0-2 (i686) 0/2 signoffs * libffado-2.0.1-4 (i686) 0/2 signoffs * mediastreamer-2.7.3-4 (i686) 0/2 signoffs * miro-4.0.3-2 (i686) 0/2 signoffs * moc-20110528-4 (i686) 0/2 signoffs * mpd-0.16.5-2 (i686) 0/2 signoffs * mplayer-34283-1 (i686) 0/2 signoffs * nouveau-drm-lts-0.0.16_20100313-7 (i686) 0/2 signoffs * nvidia-lts-285.05.09-2 (i686) 0/2 signoffs * opal-3.10.2-3 (i686) 0/2 signoffs * opencv-2.3.1-2 (i686) 0/2 signoffs * proftpd-1.3.4-1 (i686) 0/2 signoffs * pyalpm-0.5.3-1 (i686) 0/2 signoffs * pyqt-4.8.6-2 (i686) 0/2 signoffs * qt-4.8.0rc1-1 (i686) 0/2 signoffs * sox-14.3.2-4 (i686) 0/2 signoffs * transcode-1.1.5-7 (i686) 0/2 signoffs * vlc-1.1.12-2 (i686) 0/2 signoffs * x264-20111030-1 (i686) 0/2 signoffs * xine-lib-1.1.19-6 (i686) 0/2 signoffs * alex-2.3.5-1.3 (x86_64) 0/2 signoffs * alsa-plugins-1.0.24-3 (x86_64) 1/2 signoffs * amarok-2.4.3-2 (x86_64) 0/2 signoffs * audacious-plugins-3.1-4 (x86_64) 0/2 signoffs * avidemux-2.5.5-5 (x86_64) 0/2 signoffs * blender-3:2.60a-2 (x86_64) 0/2 signoffs * cabal-install-0.10.2-1.1 (x86_64) 0/2 signoffs * cmus-2.4.2-2 (x86_64) 1/2 signoffs * ffmpeg-2008-1 (x86_64) 1/2 signoffs * ffmpegthumbnailer-2.0.7-2 (x86_64) 1/2 signoffs * gegl-0.1.6-2 (x86_64) 0/2 signoffs * gstreamer0.10-ugly-0.10.18-4 (x86_64) 1/2 signoffs * happy-1.18.6-1.2 (x86_64) 0/2 signoffs * jack-0.121.3-2 (x86_64) 0/2 signoffs * k3b-2.0.2-3 (x86_64) 0/2 signoffs * kdemultimedia-4.7.3-2 (x86_64) 1/2 signoffs * kradio-4.0.2-2 (x86_64) 0/2 signoffs * kwebkitpart-1.2.0-2 (x86_64) 0/2 signoffs * libffado-2.0.1-4 (x86_64) 0/2 signoffs * mediastreamer-2.7.3-4 (x86_64) 0/2 signoffs * miro-4.0.3-2 (x86_64) 0/2 signoffs * moc-20110528-4 (x86_64) 0/2 signoffs * mplayer-34283-1 (x86_64)
