29 May
2022
29 May
'22
11:13 a.m.
Le 29/05/2022 à 14:40, kpcyrd a écrit :
ohai!
I blogged about a new tool that can be used to verify a tarball from a signed git tag, while still pinning the sourcecode with >= sha256sum:
What is the advantage over properly pinning the tag using its blob value (`git rev-parse v${pkgver}`, see e.g. https://github.com/archlinux/svntogit-community/blob/packages/gitea/trunk/PK... This is how we solved tag pinning for years, and is much simpler to do in the PKGBUILD. Regards, Bruno/Archange