Package Details: brscan4 0.4.8_1-1

Git Clone URL: (read-only, click to copy)
Package Base: brscan4
Description: SANE drivers from Brother for brscan4 compatible models
Upstream URL:
Keywords: printer
Licenses: GPL, custom:brother
Submitter: Harey
Maintainer: Harey
Last Packager: Harey
Votes: 122
Popularity: 3.19
First Submitted: 2011-08-01 08:43
Last Updated: 2019-07-02 16:15

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 ... Next › Last »

marcin commented on 2018-07-29 03:16

Was getting this error:

curl: (51) SSL: no alternative certificate subject name matches target host name '' ==> ERROR: Failure while downloading

I downloaded the brscan4:

git clone

and then manually edited PKGBUILD to have http instead of https for two brother links there.

And then manually build and install the packakage

makepkg -si

Harey commented on 2018-07-27 12:35

@lordbalmung: Done. Thank you for the hint. Did not change the pkgver though because it does not change the package itself.

lordbalmung commented on 2018-07-25 23:38

Can you please modify the source to https instead of http? brother seems to release the rpm in https as well.

egrupled commented on 2018-07-13 15:47

@Harey: it still blocks executing binary files. To be clear: noexec flag isn't defense against malicious PKGBUILD. It's a coincidence that it can break building in circumstances as described below. What I'm advocating here is to prevent that accidental breakage.

Harey commented on 2018-07-13 14:20

Just out of curiosity: what is the sense in this if a malicious PKGBUILD can circumvent it with a - agreed - trivial change?

egrupled commented on 2018-07-13 11:59

@ettavolt: You're partially right :)

If the files were simply copied to chroot dir it will work as files can have executable bit (x) on noexec filesystem - it's just not effective.

The problem is that in Archlinux chroot they're bind mounted, see . That means original mount point flags like noexec are inherited and the build will fail.

So in this example mounting /home (or /var or whatever) with noexec will even break building in clean chroot (assuming /home is where you downloaded PKGBUILD). That's why using ./some-script is harmful in PKGBUILD.

ettavolt commented on 2018-07-13 05:43

Even if the files are copied from noexec FS into clean chroot for that kind of build, they'll miss the flag, won't they?

egrupled commented on 2018-07-12 14:55

@ettavolt: It's not about BUILDDIR (which is set to /tmp as default) directory where packages are being built. It's about SRCDEST (which defaults to dir where PKGBUILD is stored).

If you download brscan4 snapshot to /home mounted with noexec it will still break building in /tmp mounted with default flags. That's because files (like mk-udev-rules) from /home will be symlinked to /tmp. That's the essence of this issue.

Luckily this problem goes away with a trivial change :)

ettavolt commented on 2018-07-12 14:43

To quote the wiki:

the most restrictive … without losing functionality

Particularly, noexec on /tmp is said

breaks compiling packages and various other things

Also, many other packages execute some script as a part of build process. sane itself uses a built undistributed binary to write udev rules.

egrupled commented on 2018-07-12 14:16


Well, I did my best to explain the benefit. Mounting partitions with noexec flag is what Arch wiki recommends for security: . I don't understand why not use my approach which will work always instead of something which can break in a known scenario. I'm modifying this locally for years but I thought it would be beneficial to upstream it to prevent everyone from hitting this issue.