Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#76611 - [cmake] use signed git tag
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Thursday, 17 November 2022, 18:19 GMT
Last edited by Antonio Rojas (arojas) - Friday, 26 May 2023, 20:02 GMT
Opened by T.J. Townsend (blakkheim) - Thursday, 17 November 2022, 18:19 GMT
Last edited by Antonio Rojas (arojas) - Friday, 26 May 2023, 20:02 GMT
|
DetailsDescription:
The attached diff switches the cmake PKGBUILD to use a PGP-signed git tag for authenticity. Additional info: I also tried to get upstream to sign the tarballs we currently use but was unsuccessful. 
cmake.diff
(1.3 KiB)
|
This task depends upon
Closed by Antonio Rojas (arojas)
Friday, 26 May 2023, 20:02 GMT
Reason for closing: Fixed
Additional comments about closing: 157fa063a96e5d1bf3d751135ec5766b8295f2d0
Friday, 26 May 2023, 20:02 GMT
Reason for closing: Fixed
Additional comments about closing: 157fa063a96e5d1bf3d751135ec5766b8295f2d0
(uses tag=v${pkgver} instead of a commit ID for the maintainer's convenience this time, since the former doesn't seem to be wanted)
"No, sorry. Please fetch the .txt, check its signature, and use it to verify the hash of the real tarball."