Package Details: icoextract 0.1.5-1

Git Clone URL: https://aur.archlinux.org/icoextract.git (read-only, click to copy)
Package Base: icoextract
Description: Icon extractor for Windows PE files (.exe/.dll) with optional thumbnailer functionality
Upstream URL: https://github.com/jlu5/icoextract
Licenses: MIT
Conflicts: exe-thumbnailer
Provides: exe-thumbnailer
Submitter: Nocifer
Maintainer: Nocifer
Last Packager: Nocifer
Votes: 43
Popularity: 3.49
First Submitted: 2021-04-05 10:10 (UTC)
Last Updated: 2024-05-01 08:23 (UTC)

Latest Comments

1 2 3 Next › Last »

txtsd commented on 2024-10-25 06:32 (UTC)

Can I have co-maintainer, please?

I'll help maintain this package and also add an .nvchecker.toml.

brody commented on 2024-10-23 18:58 (UTC) (edited on 2024-10-23 19:12 (UTC) by brody)

~~Please can you rename the package to python-icoextract like chapter 1 in https://wiki.archlinux.org/title/Python_package_guidelines?~~

Ignore my comment. It looks that this tool is a standalone app, isn't it?

Nocifer commented on 2024-05-13 15:14 (UTC)

@yochananmarqos Until a couple of years ago I used to prefer using git tags rather than source tarballs in all my packages, until some user(s) complained about the extra storage space and bandwidth required when using tags, so I switched over to tarballs.

I too would like to utilize that extra robustness of PGP keys, and this is in my opinion a good counterargument to said user(s) (because security >>> a few kB or mB of temp storage), so I'll see to it in the near(-ish) future that I switch back to tags again and add PGP verification in the process. Thanks for the suggestion.

yochananmarqos commented on 2024-05-01 22:44 (UTC)

@Nocifer: By adding developer PGP keys, it increases the security and validity of the package. I do that in my AUR packages whether it's a signed commit, tag or tarball. It's up to you if you want to make the change, of course.

In this case, the tarball does not have a matching signature file; i.e, .tar.gz.asc.

Nocifer commented on 2024-05-01 08:47 (UTC)

Hey @yochananmarqos, I'd be happy to do that if there is a good reason for it, otherwise for the time being I'd prefer if I avoided switching to a git-based process. AFAIK Github's source archives are generated on the fly from the actual source code, so there's no chance of any xz-like shenanigans in our case. Is there a way to use Github's GPG verification with source archives of commits instead of the commits themselves?

yochananmarqos commented on 2024-04-28 21:16 (UTC)

@Nocifer: Please use the signed git tag as the source:

source=("git+https://github.com/jlu5/icoextract.git#tag=$pkgver?signed")
sha256sums=('bc0c9aa074771ff176253d9ebf631ec882776ddd71892a136e1e00a711d44253')
validpgpkeys=('D5D568B2D34AB32A337944D22EC3F60DE71C0B9D') # James Lu <james@overdrivenetworks.com>

Nocifer commented on 2023-12-30 09:27 (UTC)

@jdigi78 Done, and thanks for reporting it!

jdigi78 commented on 2023-12-30 07:12 (UTC)

If the thumbnailer appears to not be working, try icoextract-git. It's been updated with the missing MIME type. @Nocifer I'd recommend patching this pkgbuild with that change as well.