=== Signoff report for [community-testing] ===
https://www.archlinux.org/packages/signoffs/
There are currently:
* 0 new packages in last 24 hours
* 0 known bad packages
* 0 packages not accepting signoffs
* 0 fully signed off packages
* 93 packages missing signoffs
* 1 package older than 14 days
Hi,
It's possible to calculate the checksums yourself. Just install the openssl
package and then run the following:
$ openssl sha256 filename.tar.gz
(with filename.tar.gz being the name of the source tarball that you're
using)
Hope this helps
On 4 October 2014 11:54, stef204
Hi,
Am 04.10.2014 um 12:54 schrieb stef204:
What is the preferred way for me to proceed?
Use GPG to verify the integrity of the download and calculate the
checksum locally for yourself. Users of your package have to trust you
anyway, as you can basically do anything to your package, anyway.
On 04-10-2014 12:31, Charles Bos wrote:
Hi,
It's possible to calculate the checksums yourself. Just install the openssl
package and then run the following:
$ openssl sha256 filename.tar.gz
(with filename.tar.gz being the name of the source tarball that you're
using)
Hope this helps
Hi,
Working only on my second AUR package, please bear with me.
To verify integrity, the author does not provide checksums but only a gpg .asc
file.
What is the preferred way for me to proceed?
The author is active and available so I can ask him to post a sha256 on his
website; but I'm trying
On 10/04/2014 12:54 PM, stef204 wrote:
To verify integrity, the author does not provide checksums but only a gpg
.asc file.
What is the preferred way for me to proceed?
If there wouldn't be any verification (neither hash nor signature) you
would (most likely) have to trust the source on first
On 4 Oct 2014 13:52, Charles Bos charlesb...@gmail.com wrote:
Hi,
It's possible to calculate the checksums yourself. Just install the
openssl
package and then run the following:
$ openssl sha256 filename.tar.gz
(with filename.tar.gz being the name of the source tarball that you're
using)
On 04.10.2014 12:54, stef204 wrote:
To verify integrity, the author does not provide checksums but only a
gpg .asc file.
Put the .asc file URL in the sources array and makepkg will verify it
automatically. This only works if the base filenames are the same
(foo.tar.gz and foo.tar.gz.asc), but
04.10.2014, 06:09, Karol Babioch ka...@babioch.de:
Use GPG to verify the integrity of the download and calculate the
checksum locally for yourself. Users of your package have to trust you
anyway, as you can basically do anything to your package, anyway.
Best regards,
Karol Babioch
OK,
04.10.2014, 05:52, Charles Bos charlesb...@gmail.com:
Hi,
It's possible to calculate the checksums yourself. Just install the openssl
package and then run the following:
$ openssl sha256 filename.tar.gz
(with filename.tar.gz being the name of the source tarball that you're
using)
Hope
Use GPG to verify the integrity of the download and calculate the
checksum locally for yourself. Users of your package have to trust you
anyway, as you can basically do anything to your package, anyway.
Best regards,
Karol Babioch
OK, you have a point, understood.
For reference, a PGP
04.10.2014, 06:38, Levente Polyak leve...@leventepolyak.net:
If you want a even more convenient solution, you can also simply call
'updpkgsums' (after the gpg verification) in the current directory
containing the PKGBUILD in question. This will update the existing hash
in your PKGBUILD (but
Hi,
Would anyone be so nice as to review my libgroove package? The current
package [1] and proposed package [2] are both on GitHub. The package is for
a C library, and I am hoping to add a pkg-config config file (libgroove.pc)
to the package. I've never written one of these before, and am worried
On 04/10, Jeremy Audet wrote:
Hi,
Would anyone be so nice as to review my libgroove package? The current
package [1] and proposed package [2] are both on GitHub. The package is for
a C library, and I am hoping to add a pkg-config config file (libgroove.pc)
to the package. I've never written one
14 matches
Mail list logo