Age | Commit message (Collapse) | Author |
|
|
|
Without that fix, we have the following error while
installing or upgrading texlive-bin:
error: texlive-bin: signature from "bill-auger <bill-auger@peers.community>" is unknown trust
:: File /var/cache/pacman/pkg/texlive-bin-2021.58686-3.parabola8-i686.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
This is because the corresponding gpg key is expired:
$ gpg --verify /var/cache/pacman/pkg/texlive-bin-2021.58686-3.parabola8-i686.pkg.tar.xz.sig
gpg: assuming signed data in '/var/cache/pacman/pkg/texlive-bin-2021.58686-3.parabola8-i686.pkg.tar.xz'
gpg: Signature made mer. 03 nov. 2021 03:02:20 CET
gpg: using RSA key FBCC5AD7421197B7ABA72853908710913E8C7778
gpg: Good signature from "bill-auger <bill-auger@peers.community>" [unknown]
gpg: aka "bill-auger <mr.j.spam.me@gmail.com>" [unknown]
gpg: aka "bill-auger <bill-auger@programmer.net>" [unknown]
gpg: aka "[jpeg image of size 6017]" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: 3954 A7AB 837D 0EA9 CFA9 7989 25DB 7D9B 5A8D 4B40
Subkey fingerprint: FBCC 5AD7 4211 97B7 ABA7 2853 9087 1091 3E8C 7778
Key expirations often happen when because there are
conflicting best security practices with key expiration
dates: for long term software releases, it's better if
the key don't have too short expiration dates, especially if
users can't easily update the key, but short key expirations
help a lot for security and for uses cases like mail, if you
loose your key, having a short expiration date will ensure
that people will (shortly) stop sending you mail that you
can't decrypt.
In addition keeping a key always up to date can in some case
be very complex.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
The changes and rationale was added as well from
information that comes from the bug #717 [1].
[1]https://labs.parabola.nu/issues/717
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
Without that fix, we have the following error while
installing or upgrading asciidoc:
| > error: asciidoc: signature from "bill-auger <bill-auger@peers.community>" is unknown trust
| > :: File /var/cache/pacman/pkg/asciidoc-8.6.10-2.parabola1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
| > Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package)
This is because the corresponding gpg key is expired.
Key expirations often happen when because there are
conflicting best security practices with key expiration
dates: for long term software releases, it's better if
the key don't have too short expiration dates, especially if
users can't easily update the key, but short key expirations
help a lot for security and for uses cases like mail, if you
loose your key, having a short expiration date will ensure
that people will (shortly) stop sending you mail that you
can't decrypt.
In addition keeping a key always up to date can in some case
be very complex.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
Without that fix, we have the following error while
installing or upgrading mkinitcpio:
error: pacman-mirrorlist: signature from "bill-auger <bill-auger@peers.community>" is unknown trust
:: File /var/cache/pacman/pkg/pacman-mirrorlist-20210803-1.parabola1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
This is because the corresponding gpg key is expired.
Key expirations often happen when because there are
conflicting best security practices with key expiration
dates: for long term software releases, it's better if
the key don't have too short expiration dates, especially if
users can't easily update the key, but short key expirations
help a lot for security and for uses cases like mail, if you
loose your key, having a short expiration date will ensure
that people will (shortly) stop sending you mail that you
can't decrypt.
In addition keeping a key always up to date can in some case
be very complex.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
Without that fix, we have the following error while
installing or upgrading mkinitcpio:
error: mkinitcpio: signature from "bill-auger <bill-auger@peers.community>" is unknown trust
:: File /var/cache/pacman/pkg/mkinitcpio-30-2.parabola2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
This is because the corresponding gpg key is expired:
# gpg --recv-keys FBCC5AD7421197B7ABA72853908710913E8C7778
gpg: key 25DB7D9B5A8D4B40: public key "bill-auger <bill-auger@peers.community>" imported
gpg: Total number processed: 1
gpg: imported: 1
# gpg --verify /var/cache/pacman/pkg/mkinitcpio-30-2.parabola2-any.pkg.tar.zst.sig
gpg: assuming signed data in '/var/cache/pacman/pkg/mkinitcpio-30-2.parabola2-any.pkg.tar.zst'
gpg: Signature made sam. 06 nov. 2021 03:41:54 CET
gpg: using RSA key FBCC5AD7421197B7ABA72853908710913E8C7778
gpg: Good signature from "bill-auger <bill-auger@peers.community>" [expired]
gpg: aka "bill-auger <mr.j.spam.me@gmail.com>" [expired]
gpg: aka "bill-auger <bill-auger@programmer.net>" [expired]
gpg: aka "[jpeg image of size 6017]" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 3954 A7AB 837D 0EA9 CFA9 7989 25DB 7D9B 5A8D 4B40
Subkey fingerprint: FBCC 5AD7 4211 97B7 ABA7 2853 9087 1091 3E8C 7778
Key expirations often happen when because there are
conflicting best security practices with key expiration
dates: for long term software releases, it's better if
the key don't have too short expiration dates, especially if
users can't easily update the key, but short key expirations
help a lot for security and for uses cases like mail, if you
loose your key, having a short expiration date will ensure
that people will (shortly) stop sending you mail that you
can't decrypt.
In addition keeping a key always up to date can in some case
be very complex.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
The process of packages releases makes it very easy to
forget to push a package or its source code to git:
- A developer can push to abslibre and forget to build the
package, or that developer might want to build the package
later on for various reasons.
- A developer can also push the package and forget to push
the corresponding git commits to abslibre.
I often am in the first case, but here we are in the later
case.
Fortunately the process of packages releases also makes it easy
to find that source code.
The source code of libre/mkinitcpio can be found here:
https://repo.parabola.nu/sources/parabola/mkinitcpio-30-2.parabola1-any.src.tar.gz
https://repo.parabola.nu/sources/parabola/mkinitcpio-30-2.parabola1-any.src.tar.gz.sig
And we can even verify its signature:
$ gpg --verify mkinitcpio-30-2.parabola2-any.src.tar.gz.sig
gpg: assuming signed data in 'mkinitcpio-30-2.parabola2-any.src.tar.gz'
gpg: Signature made sam. 06 nov. 2021 03:42:02 CET
gpg: using RSA key FBCC5AD7421197B7ABA72853908710913E8C7778
gpg: Good signature from "bill-auger <bill-auger@peers.community>" [unknown]
gpg: aka "bill-auger <mr.j.spam.me@gmail.com>" [unknown]
gpg: aka "bill-auger <bill-auger@programmer.net>" [unknown]
gpg: aka "[jpeg image of size 6017]" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: 3954 A7AB 837D 0EA9 CFA9 7989 25DB 7D9B 5A8D 4B40
Subkey fingerprint: FBCC 5AD7 4211 97B7 ABA7 2853 9087 1091 3E8C 7778
So we can safely import the source back in abslibre.
The archive has a bit more than needed for this specific situation:
$ tar tf ../mkinitcpio-30-2.parabola2-any.src.tar.gz
mkinitcpio/
mkinitcpio/mkinitcpio-30.tar.gz
mkinitcpio/PKGBUILD
mkinitcpio/.SRCINFO
mkinitcpio/mkinitcpio.install
mkinitcpio/mkinitcpio-30.tar.gz.sig
mkinitcpio/9001-udev.patch
So I only used the PKGBUILD, mkinitcpio.install and
9001-udev.patch files here as we don't commit the .SRCINFO
or source tarballs to git in Parabola.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: Megver83 <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
|
|
Arch Linux ARM has removed the patch and webrtc disable flag
|
|
|
|
|
|
|
|
Not going to rebuild for such a small change.
It'll get picked up the next time it need to get
rebuilt.
|
|
|
|
Since our libre version just enhances privacy, this package belongs to nonprism.
AFAIK, there are no freedom issues (e.g. proprietary code or licensing issues).
Anyway I asked in the dev mailing list and got no answer.
Feel free to revert this commit if there's something wrong with this change.
Signed-off-by: David P <megver83@parabola.nu>
|
|
|
|
does not depend on qt5-webengine anymore
Signed-off-by: David P <megver83@parabola.nu>
|
|
|
|
|
|
Update according to latest changes from upstreams.
Rename patches to reflect they're related to FSDG.
Sort records in Remote Settings JSON dumps, since this is expected by
upstream.
identity-icons-brand.svg has been removed upstream, yet Arch Linux added
it to their VCS repo, to be used as "symbolic" application icon in some
DEs. As it looks like we don't have this icon for Iceweasel, let's just
drop it for now. If anybody is not happy about the missing icon, it can
be added later.
|
|
|
|
|
|
The perf-fix-types.patch has been removed becuase it is already
present in the 5.13.8 kernel upstream with the following commit:
20befbb1080307e70c7893ef9840d32e3ef8ac45 (perf tools: Use %zd
for size_t printf formats on 32-bit).
I updated to 5.13.8 as the linux-libre PKGBUILD aso has that
version.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|