On 16-11-26 19:27:37, Eli Schwartz via aur-general wrote:
On 11/26/2016 01:01 AM, Florian Bruhin wrote:
* Upstream does not provide any GPG signature of the tarballs nor commit signature. I've chosen to provide a detached GPG signature of the downloaded tarball with my GPG key. For me, its better to have this link-ability between the package maintainer and the downloaded tarball than nothing at all.
Not sure if that makes much sense, and FWIW I've had some issues with people not being able to install AUR packages with PGP keys. I don't recall exactly what the problem was though...
This. GPG signatures are meant to prove that upstream really released it, but if all you know is that the AUR maintainer *thinks* this is the upstream release, you might as well just stick with checksums, which will serve just as well to prove the source code is the same source code the AUR maintainer used.
Anyone who can defeat the checksum (by modifying your PKGBUILD) can also defeat your own GPG key.
You are right I have remove this, my first goals was to sign my PKGBUILD file I don't think its possible ? On 16-11-26 07:01:15, Florian Bruhin wrote:
optdepends=('inkscape: tools for manipulating vector objects (eg: SVG files)')
You'd usually put an explanation when/why inkscape is needed here.
if [ -f LICENSE ]; then install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE" install -Dm0644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE.launcher" else warning "license file not found" fi
Why would it ever not exist? I add this check in case upstream change for any reason and not break
Inkscape (or any other tool for SVG handling) is needed if one would like to see the result of generated document in SVG format. As there could be a long list I am not sure if such dependencies should be put into PKGBUILD, even in optdepends ? the build process. The warning should be enough to let me investigate. I generally don't perform operation on resource that could not be present, I just applied this here too. Thanks for your feedback, I have updated the PKGBUILD[0]. [0] https://git.bourgeois.eu/aur_python_viivakoodi.git/tree/