Talk:Unofficial user repositories
32-bit PGP key id's are not secure
Shouldn't we put complete PGP key fingerprints here? The short 32-bit key ID's are trivial to spoof these days: https://evil32.com/ Ghen (talk) 13:25, 1 November 2020 (UTC)
script for listing files from unofficial repositories
Flagged some repositories based on this script https://gist.github.com/rpuntaie/3e870acec5c34f643db61c073494ab72
Roland Puntaier (talk) 09:36, 19 August 2021 (UTC)
- It does not matter if the "server returns 404", since the server may have directory listing disabled but still serve the files correctly. E.g. Unofficial user repositories#dasbaumwolltier: https://repo.guldner.eu/repository/archlinux/ returns 404, but https://repo.guldner.eu/repository/archlinux/x86_64/dasbaumwolltier.db works. — Lahwaacz (talk) 10:08, 19 August 2021 (UTC)
- I see. You kept my flagging in some cases. I changed the script. These are returning 404 also for the db file: ashleyis dkp-linux jk-aur alucryd alucryd-multilib archlinuxgr-kde4 symbiflow-git. Why did you unflag these? Roland Puntaier (talk) 11:54, 19 August 2021 (UTC)
- I think you may also need to check compressed extensions (e.g.
$repo.db.tar.gz
and maybe others) to have a meaningful test. I think you should probably find a way to test this withpacman
itself instead of inventing new queries. At the very least hand check a few before doing bulk flagging. Alerque (talk) 12:00, 19 August 2021 (UTC)
- I think you may also need to check compressed extensions (e.g.
- I did add all extensions from https://wiki.archlinux.org/title/Pacman/Tips_and_tricks#Custom_local_repository, still the same 7 repos return 404. I agree that pacman should be used. I would like to provide the URL and it gives me back the list of packages, but I need to do some research regarding this. Roland Puntaier (talk) 12:32, 19 August 2021 (UTC)
- You can use pyalpm to do the equivalent of
pacman -Sy
andpacman -Sl
in Python, even with a custom config. Or use pacman directly in a shell script with custom--config
,--dbpath
, etc. arguments. — Lahwaacz (talk) 18:32, 19 August 2021 (UTC)
- You can use pyalpm to do the equivalent of
- Thanks, I'll look into pyalpm. But in the meantime I added
unofficialdb
to the above gist, which does (url->pkg list) according pacman's repo-add (which usesbsdtar
, ...).
- Thanks, I'll look into pyalpm. But in the meantime I added
These repo's fail: ashleyis dkp-linux jk-aur linux-nitrous mobile ownstuff-testing trinity alucryd alucryd-multilib archlinuxgr-kde4 BioArchLinux jkanetwork llvm-rc symbiflow-git
. Roland Puntaier (talk) 06:05, 20 August 2021 (UTC)
Triinity Desktop AUR Repo Fix
I get really nerdy sometimes about putting EVERY aur reoo in my pacman.conf and today i got the itch nut trinity desktop aur url was bad 404d with pac receive keys Key-ID: 8685AD8B
Got a 404 so I checked their wiki https://wiki.trinitydesktop.org/Arch_Trinity_Repository_Installation_Instructions Their key there is wrong though, need to import one I found on some bbs bored, so they say to do this... pacman.conf add;sudo pacman-key --keyserver keys.gnupg.net --recv-key D6D6FAA25E9A3E4ECD9FBDBEC93AF1698685AD8B
[trinity]
Server = https://mirror.ppa.trinitydesktop.org/trinity/archlinux/$arch
- pacman-key --recv-key D6D6FAA25E9A3E4ECD9FBDBEC93AF1698685AD8B
- pacman-key --lsign-key D6D6FAA25E9A3E4ECD9FBDBEC93AF1698685AD8B
foubnd on their bbs with a valid key server like so...
Which is okay but that aur url is dead and so on some random page duckduckgoing on some old page or message board I found what works...
...if you reallly need it: sudo pacman-key --keyserver keys.gnupg.net --recv-key D6D6FAA25E9A3E4ECD9FBDBEC93AF1698685AD8B && sudo echo "
- servers all 404 DE is on aur if needded [trinity]
- Server = https://mirror.ppa.trinitydesktop.org/trinity/archlinux
- Server = https://repo.nasutek.com/arch/contrib/trinity/archlinux
[trinity] Server = http://mirror.ppa.trinitydesktop.org/trinity/archlinux/x86_64/ " >> /etc/pacman.conf (make sure pacman.conf is 777 or do it as root ( $ su - ) and keys:
When I finish the rest pof the entire aur list next time im bored, ill post here or on reddit with my pacman,conf its taken me all year adding a couple everytime im bored
—This unsigned comment is by Nsomnia (talk) 2022-11-24T00:21:10. Please sign your posts with ~~~~!