Worm - a floating, tag based window manager

Indeed, it’s the issue here:

In the meanwhile you can use the worm-git package.

1 Like

Yep that worked just fine. :+1:

1 Like

@codic12 @lucidae Done.

3 Likes

Thanks @moson.
@codic12 You mentioned a community edition earlier, how is that coming along?

@codic12
I got 100% success with worm. Thanks a lot. Still need to put the helpers in place. Right now I don't have a way to exit, so got to F2 login and reboot. :+1:

will post the screenshot once i got everything working.

1 Like

You can bind something to pkill worm, which will exit the session.

1 Like

I’ve just started proper work on it, now that v0.1 is released. Thread: Community Edition - worm

btw, @manuel, would it be possible to review the tagged pkgbuild created by moson so that it can be added to repos for community edition? :sweat_smile:

1 Like

Tldr
Is there a link to the pkgbuild? Are there any specifics to review?
Could do that probably tomorrow.

https://aur.archlinux.org/packages/worm/ this AUR package. nothing specific, just to make sure it’s safe to include in the repositories so that that can be done.

1 Like

I’m right-handed so I like ’em on the right! Left is just odd! :innocent:

1 Like

Feeling very sorry to kill a worm. I am vegan here. jk

learning new things from you @codic12

1 Like

Seems the sha sum changed again. :thinking:
I’ve pushed 0.1.0-3

@codic12 Better create a new version (e.g. 0.1.1) after any changes. Otherwise the package will break since the sums won’t match (and I won’t notice). With a new release/tag I get notifications from GitHub and can take action…

3 Likes

PKGBUILD looks OK to me.

The only theoretical doubt is the nim makedepend, it is regarded as High risk for security:

$ arch-audit 
nim is affected by multiple issues. High risk!

But I guess I can live with it. :wink:

So, just tell me when this is needed in our repo.

I’ll create a new version next time, but I didn’t upload anything new to v0.1 branch. not sure why this happened

1 Like

Seems to be these two bugs:

In Nim, the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use null bytes to bypass the check and mount a server-side request forgery (SSRF) attack.

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. (from libzip)

Worm doesn’t use either, so it’s fine :wink:

2 Likes
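An added example, not part of the thread and not Nim or worm code: a Python sketch of the mismatch the first advisory describes (validator and HTTP client disagreeing about where the URL ends) and a check that rejects such input before parsing. The helper names and the allowlist are assumptions made for illustration; the URL string is the one quoted in the advisory.

```python
from typing import Optional
from urllib.parse import urlsplit

URL = "http://localhost\0hello"  # the string quoted in the advisory text


def validator_view(url: str) -> str:
    """Authority as seen by a parser that keeps NUL bytes (the parseUri behaviour)."""
    return url.partition("://")[2].partition("/")[0]


def transport_view(url: str) -> str:
    """Authority as seen by a client that stops at the first NUL (the getContent behaviour)."""
    return validator_view(url.split("\0", 1)[0])


def checked_host(url: str, allowed: set) -> Optional[str]:
    """Return the host only if the URL is clean and the host is allowlisted."""
    # Reject control characters, space and DEL on the raw string, before any
    # parsing, so validator and client cannot disagree about where it ends.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or parts.hostname is None:
        return None
    return parts.hostname if parts.hostname in allowed else None


if __name__ == "__main__":
    # Constructed allowlist for the demonstration.
    allow = {"localhost"}
    print(repr(validator_view(URL)), repr(transport_view(URL)))
    print(checked_host(URL, allow))
    print(checked_host("http://localhost/", allow))
```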

So is worm now ready to be added to our repo?

1 Like

Is the AUR package ok? I’m getting validation errors, even after refreshing mirrors and lowering the -a value for synchronization age. The SHA sum might not have propagated?

Here’s output from paru:

:: Downloading PKGBUILDs...
 PKGBUILDs up to date
 nothing new to review
fetching devel info...
==> Making package: worm 0.1.0-2 (Tue 14 Dec 2021 09:52:00 AM PST)
==> Retrieving sources...
  -> Found worm-0.1.0.tar.gz
==> Validating source files with sha512sums...
    worm-0.1.0.tar.gz ... FAILED
==> ERROR: One or more files did not pass the validity check!
error: failed to download sources for 'worm-0.1.0-2': 
error: packages failed to build: worm-0.1.0-2

ah, forgot .SRCINFO…
Try now :wink:

1 Like

Ok, that was speedy @moson! And the mirror I hit had the update already. Got worm installed, no validation errors of the package. I’ll check this out later when I have some free time.

Looking forward to future AUR updates. Thanks @codic12, everyone!

2 Likes

Because there is no mirror :wink: