You are not logged in.
- Topics: Active | Unanswered
#1 2018-06-27 10:09:15
- lightspot21
- Member
- Registered: 2018-06-27
- Posts: 3
Questions about AUR registration
Hello everyone,
I've noticed that the package 'codeblocks-svn' on AUR is quite some builds behind the latest svn version and I'd like to notify the maintainer (or adopt it if the maintainer is not active any more, due to the package having been last updated 6 months ago). I read on the wiki that you need an AUR account to post the notification, so I tried to make one. It asks for a PGP fingerprint and an SSH public key. So my questions are:
1) Do I need to generate separate keys (via gpg and ssh-keygen) or I can use the public key from my gpg keypair?
2) Every time I tried to enter an SSH public key (either the gpg one or the one from ssh-keygen) I'm getting the error: "The SSH public key is invalid." What does this mean and how can I fix it?
Please excuse me for the uber-noob questions, I have never needed keys before and everything I found out was from googling.
Thanks in advance,
lightspot21
Offline
#2 2018-06-27 10:22:13
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 30,456
- Website
Re: Questions about AUR registration
1) you can use suitable existing key pair you already have and there is no need to make a pair specifically for the aur. It seems simpler to me to use your existing key. That said, I'm far from an expert (far even from proficient) with key use - so perhaps someone else can comment on best practices and the pros and cons.
2) Can you post here exactly what you are entering there - first ensure it is just the public key which is safe to share anywhere including a forum (never post your private key anywhere on a website).
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
#3 2018-06-27 10:34:24
- V1del
- Forum Moderator
- Registered: 2012-10-16
- Posts: 25,081
Re: Questions about AUR registration
Also on your endeavour in particular, as you are talking about a VCS package unless something is verifiably outdated and broken in regards to the PKGBUILD (and e.g. the build options it specifies need adjustments) there's no need for the maintainer to actively update the PKGBUILD. By their nature, VCS packages will pull the latest commit available and dynamically redefine the pkgver to represent the latest commit.
Last edited by V1del (2018-06-27 10:34:55)
Offline
#4 2018-06-27 10:58:36
- lightspot21
- Member
- Registered: 2018-06-27
- Posts: 3
Re: Questions about AUR registration
@Trilby: I'm trying to post this as my SSH public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFszlfQBEADUnfJ4x0QMdhDovP/cG16XvRpYmk6P908NPnkkFwFk0SgOAg1F
e1Bjhr6nOmd3RM1cjCNV3w+j+uLuGlgHHmDEh+muohjnfe483AJCTQFMis/NpYNB
5w+OGu3JKr1dBM2BBm1rSQe2JnB7C0Cjrkt/6M38rDJSLSYR7EhXJNt12XinTo9x
PQNirFNlcya8UEi95YAdreWjauBejouXfNkMEpZXMSwd7l/j0i+/SdQMAA0gwHYU
JNMI3OtwkbcWrkqqmtuDdXsXsMJUNdgjza32vRb//j+TRShCBcNvhOPCmHIpu8BB
X1WyuKtgsUDbp3tOj9ta6bELXSi/+ZxMarUZ5n/u2qSL2HCJB1XJ8SGZ+lg8eakK
M8WAAk8wGkz9CS+ZM6nC2D1k+COfqwmy5dSVk3vQELFQLNtm0A3E7A7iHSU8gzUI
Rd9/xZXTUD0OkEPH03QcrHNu5boklkiZqbuYvW9R+/4Gm/4Hxjj1yqF9nVYGSeye
/c8k7PUJigIiACcD1lDvJY3ORld0nikiW6YBVXbs+Xtnca395FKD7993sdzbl6TN
cTSk1Kr22Kz/sjlzYS7a6TSflajUGhoHY2xzLVbfosgn82CjHnJBsvF+WNLpv6am
H2bkX/cQ1Ar24knEh4QCwFw/fQ3K0UrQf5iiAfNqKmQOdfnw6T92G6VopwARAQAB
tEBHcmlnb3JpcyBQYXZsYWtpcyAoQVVSIHVwbG9hZGluZyBrZXlwYWlyKSA8bW9y
cGhldXNAZ3JlZWtsdWcuZ3I+iQJUBBMBCAA+FiEEvMebzw7FJHZ5GywY5fYjLOwK
TccFAlszlfQCGwMFCQHhM4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ5fYj
LOwKTccR6hAAi002Vcf1JXS+ZHIU6XzknBLDxAaGcSkm4Lm/G5Kzhdh4WdHMwr0b
2mqgu5vePxMUsg34eAd2FF0WA+fHivir1LQa3I8B/WhakrtUuW0yZsec6laXQUEO
3z8FfwEswJG0Y6+AHg1cFZP944PoNu8XMdQRmEcyLqws6wF1ZOKG2qghO81G0Rgu
Q2YvB64YYVTs1sXcVYxKYNKPpNrvOctiXcJ9A4ifQNbnEPFPPV5MdHrNMhSAOeq3
jCGeh6TakHa4eyDDTr1bS9s7ozKGEwbU0HFGHLJQiSZkbVgoC/nju/M9jR0mK7I0
czUG9iAamrzfgw+AbSJx/odMDzlPu4rHbkf1pY8DwyFUOqyUY4kh08mreB3Vq8bc
tyE4vsjGoOkxfxPEZpKyokpyJyO4QAGN5CHpg9LK1tiGoB364LjjaE+roAb0BemE
F4DcLWl5JimJuKHZTM8ZRxyydDZuaNxF6kVwlTokiX+S9zQBi9RxdOE4BsWeMGhc
Ydt6+71iMJgtSKQBBiznwQh1WlPXnzwsTUu8uLD5ubsgSXZTKs0LI0C+Oc0CpoiW
dFrUKkgnF09OACwajTyUiaJW9tg+D1j41FIrVy+FDkR1sN/PiBqcdouli+5jt6EO
+TdaYCGAOblTGF3ELpuNbPNUp8mTtMeUu4BZvIF2rvIjGVXujpIAh9e5Ag0EWzOV
9AEQAPRotHe9gsEiMXyPA45fTLHPYEQZ/dYEYVDZ6AW1cwwT5ZYc7HpK12O0VPxT
DOjj7F0D3nMEdH1caUo94gDVWGq9Z/mcX8xnDaFAXNMa0s3heNo7Gd1zMpo0M98q
qmcF97yX/WyBY6oXZ5Ebbg5MvBkFkL47V58ql1zpdt906Sn+irF31aQFLf+PongB
iNb3jvOvjzLARtT5FuhlWnRX8z/1nodjeFx62VcVYFsEFQZ4h+16tqCCOV3NbZVF
GD+xdKvh3NE3pDByxUG7jIt10WQ9qhF/GPiMfxgUkGNiOevRzAfUQIdGInHf+v7v
RYYjIF5b8oZJBaWqtqBQX2OicM5U0ZaSadDiP+1usWu3bwb1vcSycZbCxrFLRSrr
oMMZ9UGnk4djWMVrapM6Stq/ycbHmJTwBiQddK8MbIjim7gVOYZnHcu8xaTtPWRa
SnnkMtIF9ScHfh4hPPvc8XD1ywj2J1qZSYNjbJlmHX0p/rV12Y+HoP05ti+OT5mf
HCmRx3Bme4SavIS7ERdAUxs5H4PMFoIZG6hmLP2wY46TpsDP2t+BHupODSXqqFo7
VZjFVRZluLKNv6WVgWiPO+wCYpXh9XrHag9qB1wSMB0qNXEDPNzUi2U9vlnUzNbs
8duGWTlqFJxdn+BNYcwEOdKTkzWtMK4LyWCEeFRySb6Rzd9hABEBAAGJAjwEGAEI
ACYWIQS8x5vPDsUkdnkbLBjl9iMs7ApNxwUCWzOV9AIbDAUJAeEzgAAKCRDl9iMs
7ApNx8s/EACMTcxfEGjpuOgc1jBDFW0QC+dXiifLanscqC0tISMk5Bk/eKrJpgBq
rc+KkrR81lyur7cUzlcz0Zk96/0Z3YniddEYKKjTOUkLnhNr4ngqTbOO/YwXLoK+
0EbTMeE6/crqyymbpl+qwS5Bg+muuttALzO6WSOmDGCir09LD+VRoU5Xl6xzo6xu
NUxVjk9AcV56sX1tZvwv3l4bn5sd+QfTorIU7+9cdlc3QoUKWxbG34Z9VyQlay/U
PSCcWP/kgEgzG7kpW9i3KCwuLwwOKDY0XZEqAMgmYosTDggcEjlyyBD6gtQ/mMa+
mKsLsAk47SGKpnFr/bcPcE4qP4vE/Ltj1XdzmIAX3MkLCvUwpFR857Sys5mHvI3W
DeRpP75HZJQ/8g5tzJZBMbCy+uaXOw6Scvo8i/WQAzito4JsQN7jMgIN/ovY0aZy
qYTdeV7yuCBQf6g3i4uOoC8NHJ+rRu5cTk46m0JiekqGgk/eQqVSAx8bC/rVdBWU
XWhtLH5FGJpsZAEmA/z5UXW2eewzv7NBbzMdJ6qeYaTP1+V5M4UMKkc/5/dY8blZ
Qz3I6gV02Zq6kIq1AzPJ3Q6BZ7QOLDbhBq+n6VrBpSg7V80wi5UY4QYynxbWZCrz
IlKWCLqiv1oAu00lK/68TyYm+LR8axPDcKD+NsKmKWd4Wf8FlgFWTQ==
=9PxO
-----END PGP PUBLIC KEY BLOCK-----(without the BEGIN and END blocks of course)
@V1del: When installing, it doesn't pull the latest version from the SVN (which is rev. 11417) but specifically the version 11023. So that's weird, if it is a VCS package.
Last edited by lightspot21 (2018-06-27 11:15:26)
Offline
#5 2018-06-27 11:12:18
- V1del
- Forum Moderator
- Registered: 2012-10-16
- Posts: 25,081
Re: Questions about AUR registration
Please use [ code ] tags when posting output
Regarding your remark, very unlikely there's no indication towards that happening in the PKGBUILD elaborate on "installing" what do you use to ascertain that? Again, the pkgver is redefined during the build and the final package will have the correct commit. I'm assuming you are using some AUR helper and don't know what is actually happening, I highly suggest you read the link I posted as well as:
https://wiki.archlinux.org/index.php/Ar … ackages.3F
https://wiki.archlinux.org/index.php/Makepkg
Offline
#6 2018-06-27 11:20:28
- lightspot21
- Member
- Registered: 2018-06-27
- Posts: 3
Re: Questions about AUR registration
@V1del: Yep, you're right. I just saw in my helper's output (pamac) that the version changes to the latest commit, just before cloning. Thanks.
Offline
#7 2018-06-27 11:27:35
- V1del
- Forum Moderator
- Registered: 2012-10-16
- Posts: 25,081
Re: Questions about AUR registration
Getting back on track on the actual problem, you shouldn't have to touch that. Keep the file and the comment as is. However I don't think you can use PGP for SSH keys, though as Trilby I'm not that invested in the topic and might be wrong.
And in general if you simply want to use the notification cababilities you don't need the key yet. And you should always contact the maintainer first, via the comment section or an email, before requesting a package to be orphaned
Last edited by V1del (2018-06-27 11:33:23)
Offline
#8 2018-06-27 11:35:13
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 30,456
- Website
Re: Questions about AUR registration
Be wary of copy paste issues if you are trying to select the text you see in an editor.
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
#9 2018-06-27 20:10:50
- eschwartz
- Fellow
- Registered: 2014-08-08
- Posts: 4,097
Re: Questions about AUR registration
Hello everyone,
I've noticed that the package 'codeblocks-svn' on AUR is quite some builds behind the latest svn version and I'd like to notify the maintainer (or adopt it if the maintainer is not active any more, due to the package having been last updated 6 months ago).
As mentioned, see the note in the AUR FAQ: https://wiki.archlinux.org/index.php/Ar … ld_I_do.3F
The package is not out of date.
I read on the wiki that you need an AUR account to post the notification, so I tried to make one. It asks for a PGP fingerprint and an SSH public key. So my questions are:
The PGP key is completely optional information, just like your real name, IRC nick, homepage, and timezone.
Required info is listed as "(required)", and there are only two such items: your username, and your email address.
The SSH key is needed in order to be a packager and upload packages to the AUR, but that is only one aspect of the AUR's functionality (and not the part you're trying to do). It is not mandatory to submit this info, but it does unlock some functionality...
1) Do I need to generate separate keys (via gpg and ssh-keygen) or I can use the public key from my gpg keypair?
2) Every time I tried to enter an SSH public key (either the gpg one or the one from ssh-keygen) I'm getting the error: "The SSH public key is invalid." What does this mean and how can I fix it?
PGP is not SSH, and PGP keys are not SSH keys.
You *cannot* use the PGP public key as an SSH public key, just like you *cannot* use a car to travel across a lake, you need a boat -- and vice versa. They're both useful methods of transportation/encryption, but they do it in totally different ways.
(I will ignore, for the moment, the fact that an authentication subkey in your PGP key can be converted into an SSH key using commands you've never heard of and probably don't care about given that for your purposes, you probably don't have a huge urge to store your SSH key inside of the GnuPG keyring data.)
Last edited by eschwartz (2018-06-27 20:22:16)
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
#10 2018-06-27 20:18:29
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 30,456
- Website
Re: Questions about AUR registration
just like you *cannot* use a car to travel across a lake
You've clearly never been ice fishing.
But I will agree about the "vice versa": I imagine it'd be very hard to use a lake to travel across a car 
Last edited by Trilby (2018-06-27 20:19:19)
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline