GPG Signature or Hash Verifications?

[githububub]

Being that the Curses library is so important, can you provide us with auth mechanisms to ensure the integrity of our downloads? Thank you for continuing development on netbsd-curses as it has replaced ncurses on several Arch boxes thus far. The only build issue I came across was with urxvt:

/usr/bin/tic ./etc/rxvt-unicode.terminfo tic: rxvt-unicode: kDC5: unknown capability tic: rxvt-unicode: kDC6: unknown capability tic: rxvt-unicode: kDN: unknown capability tic: rxvt-unicode: kDN5: unknown capability tic: rxvt-unicode: kIC5: unknown capability tic: rxvt-unicode: kIC6: unknown capability tic: rxvt-unicode: kEND5: unknown capability tic: rxvt-unicode: kEND6: unknown capability tic: rxvt-unicode: kFND5: unknown capability tic: rxvt-unicode: kFND6: unknown capability tic: rxvt-unicode: kHOM5: unknown capability tic: rxvt-unicode: kHOM6: unknown capability tic: rxvt-unicode: kLFT5: unknown capability tic: rxvt-unicode: kNXT5: unknown capability tic: rxvt-unicode: kNXT6: unknown capability tic: rxvt-unicode: kPRV5: unknown capability tic: rxvt-unicode: kPRV6: unknown capability tic: rxvt-unicode: kRIT5: unknown capability tic: rxvt-unicode: kUP: unknown capability tic: rxvt-unicode: kUP5: unknown capability

At minimum what needs to be done to replace ncurses on Arch is:

1. Build ncurses out of bash (to allow pacman to function)
2. Install netbsd-curses based on: http://pastebin.com/X85EA5A8
3. Drop PGP and hash verifications for readline/pinentry/gpg
4. Build readline/pinentry/gpg against netbsd-curses; install
5. Build binutils against netbsd-curses and rebuild netbsd-curses; install

I'll continue testing as I go along. Again, thanks for porting this over :)

[rofl0r]

nice to see arch interested in this project!

i attached now the sha512sum to the release download page here on github. generally the upstream URL for releases is http://ftp.barfooze.de/pub/sabotage/tarballs/ and we ususally also update the sabotage linux package with the release sha512 hash when we do a version bump: https://github.com/sabotage-linux/sabotage/blob/master/pkg/curses#L3 , this info is just for double-checking because i'll publish the checksum from now on with the release notes here on GH.

i looked into the arch package and there's one thing you could improve: rather than doing sed on GNUmakefile you can just echo "CFLAGS=-O1 -fPIC" > config.mak.

as for the urxvt issue: i'm aware of that ( #9 ) and i think to solve it someone would have to contact urxvt upstream and ask if they could supply their terminfo snippet in a format that's supported (i.e. like all other terminfo entries in https://github.com/sabotage-linux/netbsd-curses/blob/master/terminfo/terminfo ) - we would even gladly add that to our default terminfo db and built-in terminfo entries.

if there's something else i can help you with let me know and good luck with your project!

[rofl0r]

i just saw another thing in your recipe that should be fixed: if you just pass PREFIX= at make install time, hardcoded filenames such as the location of the global terminfo db will assume "/usr/local" as prefix. so it would be best if you echo PREFIX=/usr >> /config.mak in prepare().

[githububub]

Thank you for the hash :) . Using the following updated build recipe: http://pastebin.com/EF7c0jSU

...results in...

==> Making package: netbsd-curses 0.1.1-1 (Thu Nov 10 19:13:15 UTC 2016) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Found netbsd-curses-0.1.1.tar.xz ==> Validating source files with sha512sums... netbsd-curses-0.1.1.tar.xz ... Passed ==> Removing existing $srcdir/ directory... ==> Extracting sources... -> Extracting netbsd-curses-0.1.1.tar.xz with bsdtar ==> Starting prepare()... ==> Removing existing $pkgdir/ directory... ==> Starting build()... cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -I./tic -O1 -fPIC -Werror-implicit-function-declaration -c -o tic/tic.o tic/tic.c cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -I./tic -O1 -fPIC -Werror-implicit-function-declaration -c -o tic/cdbw.o tic/cdbw.c cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -I./tic -O1 -fPIC -Werror-implicit-function-declaration -c -o tic/mi_vector_hash.o tic/mi_vector_hash.c cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -I./tic -O1 -fPIC -Werror-implicit-function-declaration -c -o tic/compile.o tic/compile.c cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -O0 -g0 -c -o nbperf/nbperf.o nbperf/nbperf.c In file included from /usr/include/endian.h:21:0, from ./netbsd_sys/endian.h:4, from nbperf/nbperf.c:45: /usr/include/features.h:331:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]

warning _FORTIFY_SOURCE requires compiling with optimization (-O)

^~~~~~~

cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -O0 -g0 -c -o nbperf/nbperf-bdz.o nbperf/nbperf-bdz.c In file included from /usr/include/err.h:22:0, from nbperf/nbperf-bdz.c:40: /usr/include/features.h:331:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]

warning _FORTIFY_SOURCE requires compiling with optimization (-O)

^~~~~~~

cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -O0 -g0 -c -o nbperf/nbperf-chm.o nbperf/nbperf-chm.c cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -O0 -g0 -c -o nbperf/nbperf-chm3.o nbperf/nbperf-chm3.c cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -O0 -g0 -c -o nbperf/graph2.o nbperf/graph2.c In file included from /usr/include/err.h:22:0, from nbperf/nbperf-chm.c:39: /usr/include/features.h:331:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]

warning _FORTIFY_SOURCE requires compiling with optimization (-O)

^~~~~~~

In file included from /usr/include/err.h:22:0, from nbperf/nbperf-chm.c:39, from nbperf/nbperf-chm3.c:4: /usr/include/features.h:331:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]

warning _FORTIFY_SOURCE requires compiling with optimization (-O)

^~~~~~~

In file included from /usr/include/err.h:22:0, from nbperf/graph2.c:40: /usr/include/features.h:331:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]

warning _FORTIFY_SOURCE requires compiling with optimization (-O)

^~~~~~~

cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -O0 -g0 -c -o nbperf/graph3.o nbperf/graph3.c In file included from /usr/include/err.h:22:0, from nbperf/graph3.c:40: /usr/include/features.h:331:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]

warning _FORTIFY_SOURCE requires compiling with optimization (-O)

^~~~~~~

cc -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -DINSTALL_PREFIX=\"/usr\" -O0 -g0 -c -o nbperf/mi_vector_hash.o nbperf/mi_vector_hash.c cc -O1 -fPIC -Werror-implicit-function-declaration -D_FORTIFY_SOURCE=2 -I. -I./libterminfo -DHAVE_WCHAR -c -o libterminfo/ti.o libterminfo/ti.c In file included from /usr/include/endian.h:21:0, from ./netbsd_sys/endian.h:4, from nbperf/mi_vector_hash.c:47: /usr/include/features.h:331:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]

warning _FORTIFY_SOURCE requires compiling with optimization (-O)

...where FORTIFY_SOURCE warnings regarding -O0 persist. CFLAGS in config.mak do not appear to take precedence over GNUmakefile for nbperf.

[rofl0r]

oops, you uncovered a bug: fixed here https://github.com/sabotage-linux/netbsd-curses/commit/2cb5395a563cd2b277fd43f8a728b2fbaee8fe96

[githububub]

2cb5395 with echo CFLAGS+= -fPIC > config.mak did the trick.