Package Base Details: libc++

Git Clone URL: https://aur.archlinux.org/libc++.git (read-only)
Submitter: WoefulDerelict
Maintainer: WoefulDerelict
Last Packager: WoefulDerelict
Votes: 237
Popularity: 2.69
First Submitted: 2017-02-04 16:09
Last Updated: 2019-10-11 20:38

Pinned Comments

eschwartz commented on 2019-01-21 03:57

Hi people, this is your regular reminder to SHUT UP about validpgpkeys checks and complaints about the fact that test suites exist.

This package is doing the correct thing, and there has been a great deal of pointless moaning and whining about it, but there is also multiple pinned comments explaining why every one of those complaints is not only null and void, but retroactively ridiculous.

The banhammer is ready and waiting in case you still want to ignore all this on top of the Trusted User warning.

Alad commented on 2018-08-22 12:58

Holy shit guys. What's unclear about "AUR helpers are not supported"? Stop this incessant spam and learn how to use makepkg.

https://wiki.archlinux.org/index.php/Makepkg https://wiki.archlinux.org/index.php/Arch_User_Repository

Any comments on AUR helper issues will be deleted from now on. Repeat offenders will have their accounts suspended.

WoefulDerelict commented on 2018-07-21 11:45

If you experience issues when using an AUR helper please try again using makepkg. AUR helpers are not supported here. The AUR article in the ArchWiki documents the prerequisites and supported process. https://wiki.archlinux.org/index.php/Arch_User_Repository

The test suite contains tests for multiple locales including: en_US.UTF-8, fr_FR.UTF-8, ru_RU.UTF-8, zh_CN.UTF-8, fr_CA.ISO8859-1 and cs_CZ.ISO8859-2. If a locale isn't present on the system the related tests will be marked as unsupported and skipped.

If you encounter issues when building with makepkg please attempt to build this in a clean chroot using using the appropriate devtools script. The Arch Linux DeveloperWiki has an article focused around building packages in a clean chroot which contains information on the devtools scripts and explains the process of building in a clean chroot: https://wiki.archlinux.org/index.php/DeveloperWiki:Building_in_a_Clean_Chroot

There is an active community of users on IRC along with a vibrant Discord server and Forums should you require assistance.

Picking a fight with one of the Trusted Users is a terrible idea.

WoefulDerelict commented on 2017-02-05 03:42

This PKGBUILD verifies the authenticity of the source via PGP signatures which are not part of the Arch Linux keyring. In order to complete the process it is necessary to import the key(s) from the ‘validpgpkeys’ array into the user’s keyring before calling makepkg. There is a helpful article explaining this process by one of Arch Linux's developers located here: http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/

Instructions on importing keys from a keyserver and how to automate the retrieval process can be found in the Arch Linux wiki here: https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver This article also contains helpful information describing the installation of GnuPG, its configuration and usage.

Execute the following to import keys using gpg:

gpg --recv-keys <KEYID - See 'validpgpkeys' array in PKGBUILD>

The PGP signature check can be skipped by passing --skippgpcheck to makepkg.

The libc++ test suite can be skipped by passing --nocheck to makepkg.

Consult the makepkg manual page for a full list of options. [https://www.archlinux.org/pacman/makepkg.8.html]

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 9 10 ... Next › Last »

Joan31 commented on 2018-07-20 13:19

Hello, gpg --recv-keys 474E22316ABF4785A88C6E8EA2C794A986419D8A doesn't work. I can't install libc++. What's wrong ? Thank you

Kunda commented on 2018-07-12 14:21

I got the relevant keys from looking the PKGBUILD 'validpgpkeys' array (https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=libc%2B%2B#n25) and ran gpg --recv-keys <the-alphanumeric-gpg-key> but I noticed i needed to add all the keys in the array + i needed to run the commands a few times because it failed connecting to the gpg servers

WoefulDerelict commented on 2018-07-12 02:55

DescartesHorse: One can't fault you for being careful and inspecting things with due diligence.

WoefulDerelict commented on 2018-07-12 02:06

pepper_chico: I build and test this package on an aging Nehalem processor from 2010. The tests use the maximum number of threads available on the host system by design. It takes less than 20 minutes for the build and tests to complete on my eight year old system.

Your experience is not representative of the Arch Linux package ecosystem as a whole. Plenty of packages take far longer and consume more resources to build than this one. check() functions are present in many Arch PKGBUILDs and are a recommended practice. [https://wiki.archlinux.org/index.php/creating_packages#check.28.29]

The test suite has never been broken. The majority of users who've complained here in the comments about issues with the tests were using AUR helpers and were able to successfully complete the build and tests with makepkg. The other failures resulted from users failing to properly follow the Arch Linux Install Guide [https://wiki.archlinux.org/index.php/installation_guide#Locale] and install a POSIX compliant locale.

DescartesHorse commented on 2018-07-12 01:31

@WoefulDerelict: Thanks; I'll look into that :) Whilst I recognise it's an extremely low chance of being the result of a compromise, I do like to practice good security and be on the safe side! Much appreciated

WoefulDerelict commented on 2018-07-12 01:12

DescartesHorse: I suspect the new email address was the reason behind the key change. You can certainly check with Tom via email and ask him about signing the new key with the old one or ask the community in #LLVM on OFTC [https://llvm.org/docs/#irc]. While it is entirely possible that the LLVM Project's web presence was compromised and a fraudulent release and keys were posted there, I suspect this is a highly unlikely explanation for the new key not being signed by the old. The same key is used for the official/binary LLVM and Clang packages in [Extra].

pepper_chico commented on 2018-07-12 01:06

WoefulDerelict: Great it isn't broken now, but as can be checked from comment history, it has not been uncommon, and besides that, personally I've gone through it breaking on tests before, so the time/resource spent until it breaks on one of its million tests is simply lost. I'm on a 7700K desktop, the tests take all threads of the CPU, and it still takes a couple of minutes, it's the sole package in my system that does this.

DescartesHorse commented on 2018-07-12 00:53

So I noticed in the latest commit that Tom's PGP signing key has changed to the redhat address - however, the previous signing key hasn't signed the redhat address (nor have any other keys for that matter). Have we any way to prove this is legitimate? Can we get Tom to sign the new Redhat key with the old key?

WoefulDerelict commented on 2018-07-12 00:05

flightcookie: As it isn't uncommon for maintainers to provide a URL where one can verify the checksums when a secure resource is available (see bluez/lib32-bluez) it seems reasonable enough to include a URL directly pointing to the LLVM Project's download page for the same purpose.

The .asc files the links on the download page point to (hans-gpg-key.asc and tstellar-gpg-key.asc) are the respective individual's key in an encrypted format. It provides a secure way for users to download and import the key into their keychain if they are unable to reach or do not wish to use a keyserver to download the key.

pepper_chico: The test suite isn't broken. It is resource intensive and time consuming on limited hardware; however, it will complete if built using the supported methods i.e makepkg or devtools.

While the .0 and .1 releases are signed by different people with different keys this is the first time one of those keys has changed in years.

pacaur does not support passing arguments to makepkg and the developer has no interest in adding the feature as it "isn't worth it." [https://github.com/rmarquis/pacaur/issues/151]

makepkg and devtools are the only supported way to build packages for Arch Linux. The AUR helpers are, at best, supported by their respective developer(s)/community. Build issues caused by AUR helpers that can't be reproduced via makepkg will be ignored.

fightcookie commented on 2018-07-11 22:35

@CommodoreCrunch thanks!

@WoefulDerelict the link to check the signature would be really helpful in the pkgbuild next to the key; so when checking the pkgbuild before installing, you can directly verify the key! :)

do you know how I can verify it with the .asc file on the linked site apart from just checking the last few digits in the link text?