feat(dist): aarch64 honesty, Debian KWin-unit parity, cargo-audit CVE scan (P1/P2)
- spec: narrow ExclusiveArch to x86_64 — no aarch64 build is produced/published (NVENC is desktop-NVIDIA), so claiming aarch64 advertised an arch we never ship. - build-deb.sh: ship punktfunk-kde-session.service (ExecStart repointed to the packaged run-headless-kde.sh) + host.env.kde, matching the RPM/Arch — the deb README's "mirrors the Fedora RPM" claim now holds. - audit.yml: weekly + Cargo.lock-change `cargo audit` over the network-facing crypto dep tree (RustSec advisories); ignore unfixables via .cargo/audit.toml. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -31,8 +31,10 @@ URL: https://git.unom.io/unom/punktfunk
|
||||
# COPR SCM builds provide the checkout; for a tarball build, drop a git archive here:
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
|
||||
# punktfunk-host is Linux-only and links system FFmpeg/PipeWire/Opus.
|
||||
ExclusiveArch: x86_64 aarch64
|
||||
# punktfunk-host is Linux-only and links system FFmpeg/PipeWire/Opus. x86_64 only for now: encode
|
||||
# is NVENC (desktop NVIDIA) and no aarch64 build is produced/published by CI — claiming aarch64
|
||||
# here would advertise an arch we never ship. Re-add aarch64 once there's an arm64 build leg.
|
||||
ExclusiveArch: x86_64
|
||||
|
||||
# The zerocopy FFI links the NVIDIA driver's libcuda.so.1; rpm's auto-dep generator would turn
|
||||
# that into a hard Requires on libcuda.so.1 (and we never want to pin the driver — NVENC/EGL come
|
||||
|
||||
Reference in New Issue
Block a user