unom/punktfunk
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases 4 Wiki Activity

feat(dist): aarch64 honesty, Debian KWin-unit parity, cargo-audit CVE scan (P1/P2)

Browse Source 
- spec: narrow ExclusiveArch to x86_64 — no aarch64 build is produced/published (NVENC is
  desktop-NVIDIA), so claiming aarch64 advertised an arch we never ship.
- build-deb.sh: ship punktfunk-kde-session.service (ExecStart repointed to the packaged
  run-headless-kde.sh) + host.env.kde, matching the RPM/Arch — the deb README's "mirrors the
  Fedora RPM" claim now holds.
- audit.yml: weekly + Cargo.lock-change `cargo audit` over the network-facing crypto dep tree
  (RustSec advisories); ignore unfixables via .cargo/audit.toml.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Enrico Bühler
2026-06-15 10:34:32 +00:00
parent 4b6eaa8cf3
commit 837b6fabb1
3 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packaging/rpm/punktfunk.spec
+4 -2
View File
@@ -31,8 +31,10 @@ URL: https://git.unom.io/unom/punktfunk
# COPR SCM builds provide the checkout; for a tarball build, drop a git archive here:
Source0: %{name}-%{version}.tar.gz
# punktfunk-host is Linux-only and links system FFmpeg/PipeWire/Opus.
ExclusiveArch: x86_64 aarch64
# punktfunk-host is Linux-only and links system FFmpeg/PipeWire/Opus. x86_64 only for now: encode
# is NVENC (desktop NVIDIA) and no aarch64 build is produced/published by CI — claiming aarch64
# here would advertise an arch we never ship. Re-add aarch64 once there's an arm64 build leg.
ExclusiveArch: x86_64
# The zerocopy FFI links the NVIDIA driver's libcuda.so.1; rpm's auto-dep generator would turn
# that into a hard Requires on libcuda.so.1 (and we never want to pin the driver — NVENC/EGL come