FS#76611 - [cmake] use signed git tag
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Thursday, 17 November 2022, 18:19 GMT
Last edited by Antonio Rojas (arojas) - Friday, 26 May 2023, 20:02 GMT
Opened by T.J. Townsend (blakkheim) - Thursday, 17 November 2022, 18:19 GMT
Last edited by Antonio Rojas (arojas) - Friday, 26 May 2023, 20:02 GMT
|
Details
Description:
The attached diff switches the cmake PKGBUILD to use a PGP-signed git tag for authenticity. Additional info: I also tried to get upstream to sign the tarballs we currently use but was unsuccessful. |
This task depends upon
Closed by Antonio Rojas (arojas)
Friday, 26 May 2023, 20:02 GMT
Reason for closing: Fixed
Additional comments about closing: 157fa063a96e5d1bf3d751135ec5766b8295f2d0
Friday, 26 May 2023, 20:02 GMT
Reason for closing: Fixed
Additional comments about closing: 157fa063a96e5d1bf3d751135ec5766b8295f2d0
(uses tag=v${pkgver} instead of a commit ID for the maintainer's convenience this time, since the former doesn't seem to be wanted)
"No, sorry. Please fetch the .txt, check its signature, and use it to verify the hash of the real tarball."