summaryrefslogtreecommitdiff
path: root/libre/mkinitcpio/PKGBUILD
AgeCommit message (Collapse)Author
2021-11-21libre: mkinitcpio: bump package revision to workaround expired keyDenis 'GNUtoo' Carikli
Without that fix, we have the following error while installing or upgrading mkinitcpio: error: mkinitcpio: signature from "bill-auger <bill-auger@peers.community>" is unknown trust :: File /var/cache/pacman/pkg/mkinitcpio-30-2.parabola2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). This is because the corresponding gpg key is expired: # gpg --recv-keys FBCC5AD7421197B7ABA72853908710913E8C7778 gpg: key 25DB7D9B5A8D4B40: public key "bill-auger <bill-auger@peers.community>" imported gpg: Total number processed: 1 gpg: imported: 1 # gpg --verify /var/cache/pacman/pkg/mkinitcpio-30-2.parabola2-any.pkg.tar.zst.sig gpg: assuming signed data in '/var/cache/pacman/pkg/mkinitcpio-30-2.parabola2-any.pkg.tar.zst' gpg: Signature made sam. 06 nov. 2021 03:41:54 CET gpg: using RSA key FBCC5AD7421197B7ABA72853908710913E8C7778 gpg: Good signature from "bill-auger <bill-auger@peers.community>" [expired] gpg: aka "bill-auger <mr.j.spam.me@gmail.com>" [expired] gpg: aka "bill-auger <bill-auger@programmer.net>" [expired] gpg: aka "[jpeg image of size 6017]" [expired] gpg: Note: This key has expired! Primary key fingerprint: 3954 A7AB 837D 0EA9 CFA9 7989 25DB 7D9B 5A8D 4B40 Subkey fingerprint: FBCC 5AD7 4211 97B7 ABA7 2853 9087 1091 3E8C 7778 Key expirations often happen when because there are conflicting best security practices with key expiration dates: for long term software releases, it's better if the key don't have too short expiration dates, especially if users can't easily update the key, but short key expirations help a lot for security and for uses cases like mail, if you loose your key, having a short expiration date will ensure that people will (shortly) stop sending you mail that you can't decrypt. In addition keeping a key always up to date can in some case be very complex. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2021-11-21libre: Add mkinitcpio mkinitcpio-30-2.parabola2-any.src.tar.gz source codebill-auger
The process of packages releases makes it very easy to forget to push a package or its source code to git: - A developer can push to abslibre and forget to build the package, or that developer might want to build the package later on for various reasons. - A developer can also push the package and forget to push the corresponding git commits to abslibre. I often am in the first case, but here we are in the later case. Fortunately the process of packages releases also makes it easy to find that source code. The source code of libre/mkinitcpio can be found here: https://repo.parabola.nu/sources/parabola/mkinitcpio-30-2.parabola1-any.src.tar.gz https://repo.parabola.nu/sources/parabola/mkinitcpio-30-2.parabola1-any.src.tar.gz.sig And we can even verify its signature: $ gpg --verify mkinitcpio-30-2.parabola2-any.src.tar.gz.sig gpg: assuming signed data in 'mkinitcpio-30-2.parabola2-any.src.tar.gz' gpg: Signature made sam. 06 nov. 2021 03:42:02 CET gpg: using RSA key FBCC5AD7421197B7ABA72853908710913E8C7778 gpg: Good signature from "bill-auger <bill-auger@peers.community>" [unknown] gpg: aka "bill-auger <mr.j.spam.me@gmail.com>" [unknown] gpg: aka "bill-auger <bill-auger@programmer.net>" [unknown] gpg: aka "[jpeg image of size 6017]" [unknown] gpg: Note: This key has expired! Primary key fingerprint: 3954 A7AB 837D 0EA9 CFA9 7989 25DB 7D9B 5A8D 4B40 Subkey fingerprint: FBCC 5AD7 4211 97B7 ABA7 2853 9087 1091 3E8C 7778 So we can safely import the source back in abslibre. The archive has a bit more than needed for this specific situation: $ tar tf ../mkinitcpio-30-2.parabola2-any.src.tar.gz mkinitcpio/ mkinitcpio/mkinitcpio-30.tar.gz mkinitcpio/PKGBUILD mkinitcpio/.SRCINFO mkinitcpio/mkinitcpio.install mkinitcpio/mkinitcpio-30.tar.gz.sig mkinitcpio/9001-udev.patch So I only used the PKGBUILD, mkinitcpio.install and 9001-udev.patch files here as we don't commit the .SRCINFO or source tarballs to git in Parabola. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>