On 2026-03-20 11:41, 7thCore wrote:
With the advice of Lone_Wolf and twelveeighty I moved the venv creation to the build() function of the PKGBUILD. Psono is only available in a docker image format so I created a custom dlagent to download the docker image, extract the software I need for the package, tarball it and use the tarball as a source file for hash verification. Using a constant mtime value while creating the tarball makes sure the hash stays the same with the same files if they aren't changed upstream.
the source is available on gitlab. would it make more sense to build from source, instead of extracting from a docker image? you can more easily verify this way that the source hasn't been tampered with. https://gitlab.com/esaqa/psono/psono-server Mark