Package Details: python314 3.14.2-1

Git Clone URL: https://aur.archlinux.org/python314.git (read-only, click to copy)
Package Base: python314
Description: Major release 3.14 of the Python high-level programming language
Upstream URL: https://www.python.org/
Licenses: PSF-2.0
Submitter: bcb
Maintainer: bcb
Last Packager: bcb
Votes: 3
Popularity: 1.32
First Submitted: 2024-12-06 15:31 (UTC)
Last Updated: 2025-12-06 14:06 (UTC)

Latest Comments

sam1k1 commented on 2026-01-08 10:22 (UTC)

Hi,

I ran into a problem with verify when installing the package.

The verify function runs before extraction of sources (https://man.archlinux.org/man/PKGBUILD.5.en), and, so it seems, before creation of the symlink of the source tarball in srcdir.

Using yay with SRCDEST set to /home/sources on my system, the source tarball is downloaded in a dedicated directory, and the cosign command in the verify function could not find the tarball.

I used an incomplete fix on PKGBUILD, making the cosign command look for the tarball in SRCDEST. I'm not familiar with makepkg and don't know all the possible locations of the source tarball. A real fix should probably look for the tarball in every possible location.

diff --git a/PKGBUILD b/PKGBUILD
index 65fbd80..d23adee 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -50,8 +50,8 @@ verify() {
     --new-bundle-format \
     --certificate-oidc-issuer 'https://github.com/login/oauth' \
     --certificate-identity 'hugo@python.org' \
-    --bundle ./Python-${pkgver}.tar.xz.sigstore \
-    ./Python-${pkgver}.tar.xz
+    --bundle ${SRCDEST}/Python-${pkgver}.tar.xz.sigstore \
+    ${SRCDEST}/Python-${pkgver}.tar.xz
 }

The same issue happens with package python315. I hope it helps! Thanks for your work!