You are not logged in.
- Topics: Active | Unanswered
#1 2023-04-26 06:31:13
- jtbx
- Member
- Registered: 2023-04-26
- Posts: 3
"Corrupted" packages in my own custom repository
Hello, I've created my own pacman package repository for me and a few of my friends.
I've copied some PKGBUILDs and their required files from the AUR and generated the .db and .files with repo-add but when I try to install one of the packages I get the message:
:: File /var/cache/pacman/pkg/maxfetch-1.0.0-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (checksum)).
Do you want to delete it? [Y/n]I created the PKGBUILD for this particular package, and added sha256sums for each of its files. In makepkg it said all files passed, so could someone tell me what's wrong here, and give me some advice please?
Offline
#2 2023-04-26 07:22:01
- V1del
- Forum Moderator
- Registered: 2012-10-16
- Posts: 23,603
Re: "Corrupted" packages in my own custom repository
You need to properly sign the package itself or disable signature checking for your custom repo: https://wiki.archlinux.org/title/Pacman/Package_signing
Online
#3 2023-04-26 07:40:23
- Allan
- Pacman
- From: Brisbane, AU
- Registered: 2007-06-09
- Posts: 11,487
- Website
Re: "Corrupted" packages in my own custom repository
The error says it is about the package checksums. So nothing to do with PGP signatures.
What is the sha256sum of /var/cache/pacman/pkg/maxfetch-1.0.0-1-any.pkg.tar.zst and what is it listed as in the repo (you can untar it and look at its text files).
Offline
#4 2023-04-26 08:16:56
- jtbx
- Member
- Registered: 2023-04-26
- Posts: 3
Re: "Corrupted" packages in my own custom repository
The error says it is about the package checksums. So nothing to do with PGP signatures.
What is the sha256sum of /var/cache/pacman/pkg/maxfetch-1.0.0-1-any.pkg.tar.zst and what is it listed as in the repo (you can untar it and look at its text files).
Its sha256sum is
8358aafe66a0f0e47c5154e5cd23fef3f0d92c7b7e90306e86ed32c49704ff18and it's listed as maxfetch 1.0.0-1 in the repo.
Offline
#5 2023-04-26 10:09:32
- Lone_Wolf
- Administrator
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 13,150
Re: "Corrupted" packages in my own custom repository
You're supposed to look at the desc file for maxfetch and post what value that file shows under %SHA256SUM% .
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
#6 2023-04-26 18:03:43
- jtbx
- Member
- Registered: 2023-04-26
- Posts: 3
Re: "Corrupted" packages in my own custom repository
Oh sorry, the sha256sum listed in the repo is the exact same. The error happens for all packages in my repo, even other more well-known ones from the AUR.
Offline