You are not logged in.

#1 2023-04-26 06:31:13

jtbx
Member
Registered: 2023-04-26
Posts: 3

"Corrupted" packages in my own custom repository

Hello, I've created my own pacman package repository for me and a few of my friends.
I've copied some PKGBUILDs and their required files from the AUR and generated the .db and .files with repo-add but when I try to install one of the packages I get the message:

:: File /var/cache/pacman/pkg/maxfetch-1.0.0-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (checksum)).
Do you want to delete it? [Y/n]

I created the PKGBUILD for this particular package, and added sha256sums for each of its files. In makepkg it said all files passed, so could someone tell me what's wrong here, and give me some advice please?

Offline

#2 2023-04-26 07:22:01

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,427

Re: "Corrupted" packages in my own custom repository

You need to properly sign the package itself or disable signature checking for your custom repo: https://wiki.archlinux.org/title/Pacman/Package_signing

Offline

#3 2023-04-26 07:40:23

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: "Corrupted" packages in my own custom repository

The error says it is about the package checksums. So nothing to do with PGP signatures.


What is the sha256sum of /var/cache/pacman/pkg/maxfetch-1.0.0-1-any.pkg.tar.zst and what is it listed as in the repo (you can untar it and look at its text files).

Offline

#4 2023-04-26 08:16:56

jtbx
Member
Registered: 2023-04-26
Posts: 3

Re: "Corrupted" packages in my own custom repository

Allan wrote:

The error says it is about the package checksums. So nothing to do with PGP signatures.


What is the sha256sum of /var/cache/pacman/pkg/maxfetch-1.0.0-1-any.pkg.tar.zst and what is it listed as in the repo (you can untar it and look at its text files).

Its sha256sum is

8358aafe66a0f0e47c5154e5cd23fef3f0d92c7b7e90306e86ed32c49704ff18

and it's listed as maxfetch 1.0.0-1 in the repo.

Offline

#5 2023-04-26 10:09:32

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: "Corrupted" packages in my own custom repository

You're supposed to look at the desc file for maxfetch and post what value that file shows under %SHA256SUM%  .


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#6 2023-04-26 18:03:43

jtbx
Member
Registered: 2023-04-26
Posts: 3

Re: "Corrupted" packages in my own custom repository

Oh sorry, the sha256sum listed in the repo is the exact same. The error happens for all packages in my repo, even other more well-known ones from the AUR.

Offline

Board footer

Powered by FluxBB