LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Arch
User Name
Password
Arch This Forum is for the discussion of Arch Linux.

Notices

Reply
 
Search this Thread
Old 03-22-2011, 12:38 PM   #1
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,192
Blog Entries: 23

Rep: Reputation: 278Reputation: 278Reputation: 278
How do I use paccheck?


Hi,

Okay, let's wisper this: arch does not have package signing...
Paccheck should (in theory) be able to help out, by sniffing out bad mirrors.

I use the mirrorlist that came out of the box, but only the german ones (they seemed fastest). I did not have sudo installed (now, I have) (security, I could be wrong about this, but hey) - now when I enter

Quote:
sudo /usr/bin/local/paccheck
I read that I'm not in the sudoers file. When I do put myself in there, paccheck can not be found. I did install the thing:

Quote:
install /home/User/dlfolder/paccheck-0.8.12 /usr/local/bin/paccheck
as root (of course)

So, is paccheck bogus? What am I doing wrong (obviously, something, I just dont know what) or is paccheck simply not needed?

Tnx 4 some help

Thor
 
Old 03-22-2011, 01:45 PM   #2
reed9
Member
 
Registered: Jan 2009
Location: Boston, MA
Distribution: Arch Linux
Posts: 653

Rep: Reputation: 141Reputation: 141
Quote:
install /home/User/dlfolder/paccheck-0.8.12 /usr/local/bin/paccheck
Based on the file name from the AUR, I think this should be
Code:
install /home/User/dlfolder/paccheck-0.8.12.sh /usr/local/bin/paccheck
Personally, I prefer to make things packages, so I would use the AUR.

Code:
mkdir paccheck
cd paccheck
wget http://aur.archlinux.org/packages/paccheck/PKGBUILD
makepkg -si
Once installed, usage is detailed here.

Last edited by reed9; 03-22-2011 at 02:52 PM.
 
Old 03-22-2011, 01:55 PM   #3
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,192
Blog Entries: 23

Original Poster
Rep: Reputation: 278Reputation: 278Reputation: 278
Hey reed9!

Tnx! The kitten lives...it told me some mirrors failed to respond (no such file or directory) maybe some tweaking from my end is needed...

Okay, on to the link-and-info you've provided!

Cheers!

Thor
 
Old 03-24-2011, 08:33 AM   #4
IgnorantGuru
LQ Newbie
 
Registered: Feb 2011
Location: 11,000 feet
Posts: 14

Rep: Reputation: 12
Sorry I missed your question in this thread - glad you got it sorted out.

On the package signing issue, LWN.net just published a comprehensive article, which mentions paccheck as well. Linux Today also picked this up last month, so it's good to see the issue getting increased visibility.
 
Old 03-24-2011, 10:49 AM   #5
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,192
Blog Entries: 23

Original Poster
Rep: Reputation: 278Reputation: 278Reputation: 278
Hey IgnorantGuru!

Well, you just found my earlier post. At that time I was not even beyond the install...the real nitty-gritty came later. You helped me out on that. Today (weekend at best?) a full sysupdate is in order.
To be quite honest, I was waiting for something to assure me of clean packages, but did'nt know what...well, now I know. You saved me from a distro-hop!!

If I can help to increase the footprint...lemme know!

Thor
 
Old 04-02-2011, 09:16 AM   #6
Bratmon
Member
 
Registered: Jul 2009
Location: 75.126.162.205:80
Distribution: ubuntu 10.04 / Arch
Posts: 296
Blog Entries: 3

Rep: Reputation: 50
I would like to add this link to the record as a response to IgnorantGuru:
http://www.toofishes.net/blog/real-s...ckage-signing/
 
Old 04-02-2011, 10:04 AM   #7
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,192
Blog Entries: 23

Original Poster
Rep: Reputation: 278Reputation: 278Reputation: 278
Hey Bratmon!

I read the post...as far as I can see: Arch and Pacman are great pieces of software. The idea of compromised software ending up on the hard drive is a scary one (I for one should know, in windows, that WAS the main scare all the time) and I see paccheck as a great "in the mean time" and a wonderful tool to check the validity of the mirrors. As far as I can see, it is a way to take the pressure off the package signing until that work CAN be done...

To quote some stuff
Quote:
It's just lack of manpower to make it. That's it
Well, Linux is an effort of lots of people, all (mostly?) volunteers.

Quote:
From here, shit hit the fan
Not needed, Arch is "alive" in that it is a constant work in progress.

Quote:
I challenge you to find any of us that said package signing is or was "unimportant",
No, but what I can come in to is that priorities - for the time being - lie elsewhere. So paccheck could be a great tool to act as a "lightning rod" for now. In the end, I am convinced package signing will get there...but it takes time.
I am/was a software developer. I know what it's like to be between more than two fires...

I have actively hand-picked Arch for several reasons, one being stability.

I like linux for what it is: people stuff. It (Arch, that is) helped me get to understand the inside of Linux. Something Ubuntu and Fedora (for all of their good qualities) never did, as they were not designed for that goal.

I for one stress that signing and whatever the "others" have will get there. And I'll stick around for the ride!

Thor
PS thanks for this contribution. Let me end with this thought: between two extremes lies understanding, but both extremes have to meet the other half-way.
 
  


Reply

Tags
paccheck, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT -5. The time now is 09:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration