[aur-general] TU application: hashworks

hashworks mail at hashworks.net
Mon Jun 8 21:17:57 UTC 2020


Hi Jelle,

> * filebin - the package is not -git but does pull from git master,
> ideally it would use #commit= and maybe verify the commit if it's
> signed.

I've switched to `#tag=${pkgver}?signed` and `validpgpkeys`. Much
better than a checkout in `prepare()`, thanks!

> * srrdb-terminal-client is not reproducible at least not as you embed
> the build date.

Ah, correct. I've altered the date command to use `$SOURCE_DATE_EPOCH`,
good to know that exists.

> You can check if your package is reproducible by using `makerepropkg`.

I'll have to implement that in my pipeline, but that is something for
the weekend.

Best Regards
hashworks

-- 
hashworks

Web        https://hashworks.net
Public Key 0x4FE7F4FEAC8EBE67
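
An added example, not part of the original message or of hashworks' packages: a PKGBUILD sketch combining the two changes discussed above, a signed-tag git source with `validpgpkeys` and a build date taken from `$SOURCE_DATE_EPOCH`. The package name, URL, fingerprint, `_build_date` helper and `BUILD_DATE` make variable are placeholders.

```bash
# Constructed PKGBUILD sketch: package name, URL, key fingerprint and the
# Makefile variable are placeholders, not taken from the AUR packages above.
pkgname=example-tool
pkgver=1.2.3
pkgrel=1
pkgdesc="Placeholder package built from a signed upstream tag"
arch=('x86_64')
url="https://example.org/example-tool"
license=('MIT')
makedepends=('git')

# "#tag=" pins the checkout to one release tag; "?signed" makes makepkg
# verify the tag's PGP signature and abort if it is missing or invalid.
source=("${pkgname}::git+https://example.org/example-tool.git#tag=${pkgver}?signed")
sha256sums=('SKIP')  # VCS sources have no stable checksum; the signature is the integrity check

# Only signatures made by keys with these full fingerprints are accepted.
validpgpkeys=('0000000000000000000000000000000000000000')  # placeholder fingerprint

# Hypothetical helper: derive the embedded build date from SOURCE_DATE_EPOCH
# instead of the wall clock, so every rebuild stamps the same value.
_build_date() {
  date -u -d "@${SOURCE_DATE_EPOCH:?SOURCE_DATE_EPOCH is not set}" '+%Y-%m-%dT%H:%M:%SZ'
}

build() {
  cd "${srcdir}/${pkgname}"
  make BUILD_DATE="$(_build_date)"  # BUILD_DATE is an assumed Makefile variable
}

package() {
  cd "${srcdir}/${pkgname}"
  make DESTDIR="${pkgdir}" install
}
```

makepkg exports `SOURCE_DATE_EPOCH` itself when it is unset, and `makerepropkg` replays the value recorded in the original package, so the helper needs no wall-clock fallback.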