search

waywardgeek / infnoise

The world's easiest TRNG to get right
Creative Commons Zero v1.0 Universal
732 stars 100 forks source link

Updated Arch PKGBUILD #73

Closed AidanGG closed 5 years ago

AidanGG commented 6 years ago

I tweaked the PKGBUILD to be more inline with AUR packaging requirements. It's for a potential infnoise-git package that someone might want to maintain on the AUR (could be me if desired).

PKGBUILD

manuel-domke commented 6 years ago

Thanks a lot for your improvements. I already merged most of them to the PKGBUILD.arch file under build-scripts.

Feel free to maintain the AUR packages, but please stick to the releases from the 13-37-org (or at least the versioning scheme, if you want to release more often)

AidanGG commented 6 years ago

Alright, I've posted the first package on the AUR: infnoise-git. This one is a -git package, so it will build the latest commit from the 13-37-org repo. I am planning on creating an infnoise package which builds the latest release.

manuel-domke commented 6 years ago

Usually I create signed packages for release builds - also for ArchLinux.

Maybe GPG signing is not needed for AUR packages at all - as the source is coming from Github and your package building process is transparent enough to make sure the binary comes from a unmodified check-out?

AidanGG commented 6 years ago

So this infnoise-git package probably doesn't need GPG signing due to coming from GitHub like you said, but also since this package builds the latest commit on the 13-37-org repo, you wouldn't have signed each individual commit.

For the stable infnoise AUR package that I'm planning, usually they're built by taking some sort of archive (e.g. tar.xz) of the source for that git tag. You can also attach a signature to that archive (.tar.xz.asc) which can be used to verify the integrity of the source.

manuel-domke commented 6 years ago

Sounds good. I'll upload a signed archive on Github/files.13-37.org for future releases. (0.3.0 coming very soon)

Probably one could also trust the archive created by Github: https://github.com/13-37-org/infnoise/archive/0.2.6.zip

But I prefer signing them separately. This will make the whole build process more transparent (also for the other distros).

AidanGG commented 6 years ago

In that case I will probably hold off on publishing the infnoise stable package on the AUR until 0.3.0.

AidanGG commented 6 years ago

I have added an entry to the AUR for the stable 0.3.0 release. To summarise, there are two packages:

infnoise: which builds from the latest stable release, using the signed source tarballs, infnoise-git: which builds from the latest commit on the 13-37 fork.

Feedback is welcome.

manuel-domke commented 5 years ago

Thanks for your support. I'll close this issue now.