Package Base Details: tomb

Git Clone URL: https://aur.archlinux.org/tomb.git (read-only)
Submitter: None
Maintainer: parazyd (roddhjav)
Last Packager: roddhjav
Votes: 42
Popularity: 0.866886
First Submitted: 2011-04-15 15:20
Last Updated: 2019-09-07 14:01

Packages (2)

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 Next › Last »

frankspace commented on 2015-01-02 05:04

I'm getting an error that "One or more PGP signatures could not be verified." Specifically, Tomb-2.0.1.tar.gz fails because of "unknown public key 73B35DA54ACB7D10".

richli commented on 2014-12-31 03:01

@jswagner: Hmmm, very interesting. I don't use pacaur, so I took a look. I was able to reproduce your problem, so I tried running pacaur in debug mode to track things down better.

It turns out that pacaur (for some reason) calls makepkg as so:

makepkg -sfi --pkg tomb

Note that the "tomb" package is split into two: "tomb" and "tomb-kdf". I assume that pacaur would call makepkg with "--pkg tomb-kdf" if the first makepkg were successful.

Skipping pacaur entirely, I get the same error when I manually run the makepkg command with --pkg. The problem is that it's looking for tomb for the x86_64 architecture (note the filename), but the tomb sub-package overrides the "arch" variable to "any".

I checked here [1] and it says that a split package may override the "arch" option as this one does. So...it seems to me like this is a bug with makepkg, unless there's something about split packages I'm not understanding.

[1] https://wiki.archlinux.org/index.php/Pkgbuild#pkgbase

jswagner commented on 2014-12-31 02:15

I can build and install this manually, but it failed when I tried to update using pacaur. Like the package up and went missing after cleanup.
--
==> Installing tomb package group with pacman -U...
loading packages...
error: '/tmp/pacaurtmp-jason/tomb/tomb-2.0.1-1-x86_64.pkg.tar.xz': could not find or read package
==> WARNING: Failed to install built package(s).

richli commented on 2014-11-28 09:10

@TrailnError: Thanks for the notification, I've updated the package.

Yeah, I don't know why the releases.dyne.org URLs don't contain the current release, upstream specifically directed me to use those URLs instead of the current ones. Maybe they'll update it later.

TrialnError commented on 2014-11-28 08:41

They tagged v2.0 and from the Downloads page it can be retrieved[0]
But dunno why it differ from the old dl page

_____
[0] https://files.dyne.org/tomb
[1] https://twitter.com/DyneOrg/status/537755827814563840

richli commented on 2014-05-29 05:10

I found some time and cleaned up the package a bit and am using the new recommended download URLs. Now that AUR 3.0 supports split packages, this is split into "tomb" and "tomb-kdf".

Further input welcome.

richli commented on 2014-05-23 16:18

@DaveCode: Yeah, this PKGBUILD is really weird, I only adopted it to at least bring it up to date. As you've pointed out, there are still plenty of fixes it needs. I don't have the time right now to work on this, would you be willing to take over maintainership?

DaveCode commented on 2014-05-23 04:39

BTW I don't have wipe installed and it may be optdepends. Do
$ cat src/Tomb-1.5.2/Makefile
which says wipe is just "recommended" not required.

DaveCode commented on 2014-05-23 04:29

1. Same err as 2014-01-05 04:16 showing tomb-kdf twice. Best guess, this PKGBUILD breaks AUR guidelines. It lacks a single package() function. It's two packages, not one. It seems to want tomb-kdf as a "shadow package," not kosher. What the heck is

true && pkgname=(tomb tomb-kdf)

supposed to do? Split into tomb-kdf and tomb separately or merge completely somehow under ONE package name.

If the previous maintainer's work was your baseline, it would be easier to start from scratch using info from

https://wiki.archlinux.org/index.php/creating_packages
https://wiki.archlinux.org/index.php/Arch_packaging_standards
https://wiki.archlinux.org/index.php/PKGBUILD
https://wiki.archlinux.org/index.php/PKGBUILD_Templates
https://wiki.archlinux.org/index.php/VCS_PKGBUILD_Guidelines


2. Oh my...he only signs checksums. Checksums are easy to spoof with mere code comments. Tell jaromil. He needs to sign the tarballs not their checksums.

Right now the PKGBUILD doesn't even check a SHA sig, does it? There's a comment in there about his key, but nothing is done with it?

https://wiki.archlinux.org/index.php/makepkg#Signature_checking

richli commented on 2014-05-21 04:25

@DaveCode:

1) I don't get this error, either by using makepkg or by using pacaur. Namcap doesn't report any errors like this either. I'm not sure how I can troubleshoot this on my end. Is there any more detail you can provide?

2) Check the available files here [1], they don't provide a signature for the tarball itself, only the checksum file. Unless there is one available somewhere else?

[1] https://files.dyne.org/tomb/