[arch-general] Packages Verified with MD5

Kyle Terrien kyleterrien at gmail.com
Sun Jan 12 15:56:15 EST 2014

On 01/12/2014 12:40 PM, Taylor Hornby wrote:
> I guess I just don't understand what happens when I type "pacman -S
> firefox." Does that run the PKGBUILD on my system, or does it download
> and install pre-compiled (and signed) Firefox binaries that were
> created by one of the Arch developers using the PKGBUILD?

"pacman -S firefox" installs a pre-compiled binary maintained by an Arch
Dev. On the other hand, PKGBUILDs are for building packages.

And the official firefox package is cryptographically signed by the
package maintainer (not Mozilla).

Hopefully, that clears things up.

If you really want to build a firefox package yourself, you can set up
ABS. If you build a package from ABS (using makepkg), you will run the
PKGBUILD. <https://wiki.archlinux.org/index.php/Abs>

Kyle Terrien

PS: Great discussion on exploiting MD5.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20140112/39d3b137/attachment.asc>

More information about the arch-general mailing list