Re: Is including GPG keys in an AUR package for verifying sources a good idea?
On 2/10/24 14:10, Abraham S.A.H. wrote:
> Sign it with your own malicious key and upload your public key to keyservers.

This is kind of the whole breakdown in gpg signing. In 2018, the keyservers were hit with a type of malware that effectively served as a global DDOS on the keyservers (many of which were unmaintained and had simply been running for years unattended). After the attack, much of the keyserver system was simply never restarted, leading to difficulties in getting public keys to verify signatures. They are hit-or-miss at best now.

As long as the AUR package makes the needed public keys available, then all is fine, but if users are left to "get the key from a keyserver", the specific keyserver holding the key needs to be identified, as there is little or no sync of keys anymore.

(This is just a side note for the general discussion. The Arch keyring takes care of providing keys for Arch, but I'm unsure how AUR does this.)

--
David C. Rankin, J.D.,P.E.
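Added example (not part of the message above or of any Arch tooling): a check that every fingerprint in a PKGBUILD's validpgpkeys has its public key shipped beside the PKGBUILD, so users are not left to find a working keyserver. The keys/pgp/<FINGERPRINT>.asc layout, the function names and the sample fingerprints are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report validpgpkeys entries whose public key is not shipped.
# The PKGBUILD is parsed as text and never sourced, because sourcing it would
# execute its code. Assumed layout: keys/pgp/<FINGERPRINT>.asc (hypothetical).

# Print each entry of the validpgpkeys=( ... ) array, one per line.
list_validpgpkeys() {
    awk '
        /^validpgpkeys=\(/ { inside = 1; sub(/^validpgpkeys=\(/, "") }
        inside {
            line = $0
            sub(/#.*/, "", line)              # drop trailing comment
            done = sub(/\).*/, "", line)      # closing parenthesis ends the array
            gsub(/["\047]/, "", line)         # strip both kinds of quotes
            n = split(line, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] != "") print f[i]
            if (done) inside = 0
        }' "$1"
}

# Print one line per problem; return 1 if any problem was found.
check_shipped_keys() {
    dir=$1
    problems=$(list_validpgpkeys "$dir/PKGBUILD" | while IFS= read -r fpr; do
        case $fpr in *[!0-9A-F]*) fpr_ok=no ;; *) fpr_ok=yes ;; esac
        if [ "$fpr_ok" = no ] || [ "${#fpr}" -ne 40 ]; then
            echo "not a full uppercase fingerprint: $fpr"
        elif [ ! -s "$dir/keys/pgp/$fpr.asc" ]; then
            echo "key not shipped: $fpr"
        fi
    done)
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Build a constructed sample package directory and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/keys/pgp"
    cat > "$d/PKGBUILD" <<'EOF'
validpgpkeys=('0123456789ABCDEF0123456789ABCDEF01234567'  # shipped
              'FEDCBA9876543210FEDCBA9876543210FEDCBA98'  # not shipped
              'DEADBEEF')                                 # short key ID
EOF
    echo "placeholder" > "$d/keys/pgp/0123456789ABCDEF0123456789ABCDEF01234567.asc"
    echo "$d"
}
sample=$(make_sample)
check_shipped_keys "$sample" || true
rm -rf "$sample"
```

The check covers presence and fingerprint format only; confirming that a shipped file really contains the key with that fingerprint still needs gpg.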
Re: powertabeditor - request for PKGBUILD review
On 19-02-2024 10:39, Jonas Serych wrote:
> The PKGBUILD got sent as a binary mime type, sorry about that. Here it is as text/plain.

One comment: upstream readme mentions requiring a 'midi sequencer'. Some soundcards offer that ability in hardware, but the majority doesn't. timidity++ and fluidsynth are the 2 most common software midi synthesizers on archlinux. I suggest you list them as optdepends.

Lone_Wolf
Re: powertabeditor - request for PKGBUILD review
The PKGBUILD got sent as a binary mime type, sorry about that. Here it is as text/plain.

# Maintainer: Jonas Serych
pkgname='powertabeditor'
pkgver='2.0.0_alpha19'
pkgrel=1
pkgdesc="Guitar tablature viewer and editor"
arch=('x86_64')
url="https://powertab.github.io/"
license=('GPL-3.0-only')
depends=('boost-libs' 'boost' 'doctest' 'minizip' 'pugixml' 'rtmidi' 'alsa-lib' 'nlohmann-json' 'qt5-base' 'qt5-tools')
makedepends=('cmake')
source=("https://github.com/powertab/${pkgname}/archive/refs/tags/${pkgver//_/-}.tar.gz")
sha256sums=('318e14370bd60670dadfe70d2f124d817d51017ec13011f577080633d83f41d4')

build() {
    cmake -B build -S "${pkgname}-${pkgver//_/-}" \
        -DCMAKE_BUILD_TYPE='None' \
        -DCMAKE_INSTALL_PREFIX=/usr
    cmake --build build
}

check() {
    ctest --test-dir build --output-on-failure
}

package() {
    DESTDIR="$pkgdir" cmake --install build
}
powertabeditor - request for PKGBUILD review
Hi,

this is my first time creating a PKGBUILD. I tried to follow the guidelines and the recommended practices for cmake packages, but not sure I didn't miss something. Thanks for any suggestions.

I checked that it builds in clean chroot. The software seems to work well, except for JACK server not running error (for playback of midi). I am not sure if this should be somehow solved in the PKGBUILD, or if it should be left to the user. When I run qsynth alongside the powertabeditor the playback works just fine. Somehow setting up timidity++ daemon would work too, I guess.

Best regards,
Jonas Serych

PKGBUILD
Description: Binary data