Package Details: gmid 2.1.1-2

Git Clone URL: https://aur.archlinux.org/gmid.git (read-only, click to copy)
Package Base: gmid
Description: Fast Gemini server written with security in mind.
Upstream URL: https://gmid.omarpolo.com
Keywords: gemini server
Licenses: ISC
Conflicts: gmid-bin, gmid-git
Submitter: andreafeletto
Maintainer: dcreager (shtrophic)
Last Packager: shtrophic
Votes: 5
Popularity: 0.126201
First Submitted: 2021-04-24 15:57 (UTC)
Last Updated: 2024-11-15 15:02 (UTC)

Latest Comments

1 2 Next › Last »

shtrophic commented on 2024-08-04 11:56 (UTC) (edited on 2024-08-04 12:24 (UTC) by shtrophic)

About telescope: I don't use that software so I won't maintain its PKGBUILD. There is nothing stopping you from adopting it and learning. You can look at the incremental diffs of PKGBUILDS (for example, for gmid) and see yourself how you could keep telescope up to date.

shtrophic commented on 2024-08-04 11:54 (UTC)

Thanks for the hint. I've included contrib and ChangeLog in /usr/share/doc/gmid.

m040601 commented on 2024-08-04 09:25 (UTC) (edited on 2024-08-04 09:36 (UTC) by m040601)

45         install -Dm644 LICENSE -t "$pkgdir/usr/share/licenses/$pkgname"
46         install -Dm644 README.md -t "$pkgdir/usr/share/doc/$pkgname"

$ wget https://ftp.omarpolo.com/gmid-2.1.tar.gz $ tar tf gmid-2.1.tar.gz gmid-2.1

  1. There is a very usefull "Changelog" there. Can you make sure it also lands in
/usr/share/doc/gmid/Changelog

Thanks in advance.

  1. There is also a folder "contrib"

As the author explains there, 'gmid-2.1/contrib/README'


This directory is for additional contributed files which may be useful.

Dockerfile
>       Sample Dockerfile to build alpine-based gmid images.
gencert
>       Simple shell script to generate self-signed certificates.
gmid.service
>       Simple systemd service file.
gmid.sysusers
>       Sample systemd-sysusers' config file.
mime.types
>       A copy of OpenBSD' /usr/share/misc/mime.types to be included within a `types' block.
renew-certs
>       Flexible script meant to be run in a cronjob to watch for cert expiration
vim
>       Syntax highlighting of gmid configuration for vim, to be

In my opinion it should also land in

/usr/share/doc/gmid/contrib/xyzz

m040601 commented on 2024-08-04 09:09 (UTC)

By the same author of "gmid", Omar Polo, there is also the excelent and well updated telescope gemini client.

https://telescope-browser.org/

He, Omar, was maintaing the Arch PKGBUILDS,

  • https://aur.archlinux.org/packages/telescope
  • https://aur.archlinux.org/packages/telescope-git
  • https://aur.archlinux.org/packages/telescope-bin

But then, dont know why? abandoned them. Maybe because he is an Openbsd user ?

Anyone interested in adopting them ? I dont yet have the AUR/PKGBUILD skills to properly maintain them myself.

dcreager commented on 2024-06-30 21:42 (UTC)

fyi to the community that I've added Sir-Photch as a co-maintainer for this package

dcreager commented on 2024-06-30 21:38 (UTC)

Thanks Sir-Photch! I've never used signify before, but it seems worthwhile to verify the tarball signature using upstream's preferred method. I appreciate you putting together the patch to check it.

shtrophic commented on 2024-06-12 14:56 (UTC) (edited on 2024-06-12 15:10 (UTC) by shtrophic)

The patch to verify the tarball can look something like this:

diff --git a/PKGBUILD b/PKGBUILD
index ffb00f1..ce8679c 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -8,18 +8,26 @@ pkgdesc='Fast Gemini server written with security in mind.'
 arch=('x86_64')
 url='https://gmid.omarpolo.com'
 license=('ISC')
+makedepends=('signify')
 depends=('libretls' 'libbsd')
 conflicts=('gmid-git' 'gmid-bin')
+_signkey=gmid-2.0.pub
 source=(
    "https://ftp.omarpolo.com/$pkgname-$pkgver.tar.gz"
+   "$pkgname-$pkgver.sha256.signature::https://ftp.omarpolo.com/$pkgname-$pkgver.sha256.sig"
+   "https://github.com/omar-polo/$pkgname/releases/download/$pkgver/$_signkey"
    "gmid.service"
    "gmid.conf"
 )
-sha256sums=(
-   '3328ebf277c597e175762089d38767adae13d70b7c2624ede738ec7108272539'
-   '61450ba6fb7283b03f099e5172cf4e64bf40093ad2bd126b7915940d40922c9a'
-   '4d943727a57dbf5f246963c0f90ccc54919cc2296538457e6b16f29f7580d9d6'
-)
+sha256sums=('3328ebf277c597e175762089d38767adae13d70b7c2624ede738ec7108272539'
+            'SKIP'
+            'SKIP'
+            '61450ba6fb7283b03f099e5172cf4e64bf40093ad2bd126b7915940d40922c9a'
+            '4d943727a57dbf5f246963c0f90ccc54919cc2296538457e6b16f29f7580d9d6')
+
+prepare() {
+   signify -C -p $_signkey -x "$pkgname-$pkgver.sha256.signature"
+}

 build() {
    cd "$srcdir/$pkgname-$pkgver"

Reference: https://wiki.archlinux.org/title/User:Kpcyrd/Signify_package_guidelines and https://gmid.omarpolo.com/

Alternatively, you might also store the signing key inline in the PKGBUILD. Depends on whether or not you like github I guess.

shtrophic commented on 2024-05-23 08:11 (UTC)

The developer provides signify signatures for their tarball checksums. AFAIK PKGBUILDS don't support signify as they do gpg signatures, would you think it is possible for prepare() to check against that signature? Or does anybody know if verifying signify signatures that way provides no security benefits?

dcreager commented on 2023-05-15 14:48 (UTC)

The current version is still up to date but I've adopted the package and can update the PKGBUILD for new versions moving forward.

m040601 commented on 2023-04-14 10:27 (UTC)

Such a usefull and polished nice gemini server

Pity that the maintainer of this PKGBUILD decided to abandon all 3 versions of it.

Anyone interested in adopting them ? I dont yet have the AUR/PKGBUILD skills to properly maintain them myself.