[aur-requests] [PRQ#26727] Deletion Request for zsh-theme-powerlevel10k-git
notify at aur.archlinux.org
notify at aur.archlinux.org
Sun Jun 27 15:31:49 UTC 2021
eschwartz [1] filed a deletion request for zsh-theme-powerlevel10k-git
[2]:
This package contains a mysterious binary not present in the source
code nor built in the PKGBUILD:
zsh-theme-powerlevel10k-git E: ELF file ('usr/share/zsh-theme-
powerlevel10k/gitstatus/usrbin/gitstatusd-linux-x86_64') found in an
'any' package.
zsh-theme-powerlevel10k-git E: ELF file ('usr/share/zsh-theme-
powerlevel10k/gitstatus/usrbin/gitstatusd-linux-x86_64') outside of a
valid path.
And as noted by namcap, it's being installed by a PKGBUILD which
claims it is an "any" package, which violates
https://wiki.archlinux.org/title/PKGBUILD#arch
A bit of digging around in the build process shows this is downloaded
over the network during the build by:
https://github.com/romkatv/powerlevel10k/blob/master/gitstatus/Makefile#L38
https://github.com/romkatv/powerlevel10k/blob/master/gitstatus/install
rather than being built from source... the resulting binary is
unverifiable (and doesn't follow site policy for build flags including
e.g. security flags) and as such would need to be part of a correctly
disclaimed "zsh-theme-powerlevel10k-bin" or "zsh-theme-
powerlevel10k-bin-git" package.
[1] https://aur.archlinux.org/account/eschwartz/
[2] https://aur.archlinux.org/pkgbase/zsh-theme-powerlevel10k-git/
More information about the aur-requests
mailing list