Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#58603 - [usbutils] Add signature verification of the source tarball
Attached to Project:
Arch Linux
Opened by Leonid Isaev (lisaev) - Tuesday, 15 May 2018, 09:31 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 15 May 2018, 15:19 GMT
Opened by Leonid Isaev (lisaev) - Tuesday, 15 May 2018, 09:31 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 15 May 2018, 15:19 GMT
|
DetailsThe PKGBUILD of usbutils fetches source from http://www.kernel.org/pub/linux/utils/usb/usbutils/ , but doesn't make use of the signature available alongside the source tarball, for example, usbutils-009.tar.xz and usbutils-009.tar.sign. The key belongs to gregkh (647F28654894E3BD457199BE38DBBDC86092693E) and is the same as in the linux package, so we only need to add a few lines to the PKGBUILD, see attached diff against SVN trunk...
Thanks! 
PKGBUILD.diff
(0.7 KiB)
|
This task depends upon
Closed by Doug Newgard (Scimmia)
Tuesday, 15 May 2018, 15:19 GMT
Reason for closing: Deferred
Additional comments about closing: Covered by https://www.archlinux.org/todo/use-gpg-s ignatures-and-https-sources/
Tuesday, 15 May 2018, 15:19 GMT
Reason for closing: Deferred
Additional comments about closing: Covered by https://www.archlinux.org/todo/use-gpg-s ignatures-and-https-sources/