On Sun, 30 Oct 2011 21:32:25 +0100 Tom Gundersen <teg@jklm.no> wrote:
On Sun, Oct 30, 2011 at 9:05 PM, Daniel Isenmann <daniel.isenmann@gmx.de> wrote:
As it seems that there is no real solution here, I will try to do it like Florian and Giovanni said it. Downloading the package, sign it locally and upload the signature to pkguild again.
Nevertheless we should find a solution to build signed packages on pkgbuild, otherwise we will loose our buildserver here, because I see this as a workaround and not as a solution.
I don't think signing remotely is going to be possible, also I don't see the point of it. We anyway have to download the package in order to test it, so we wouldn't really gain anything.
Not all packages have to be tested, e.g. a large rebuild against a new library version which you are sure that nothing is broken in your pakage and only needs new linking against the new library. That's only as an example.
I use a script to download, sign and upload signature, then I test the package locally before pushing it to the repos.
Mind if you can provide the script. Such a helper script would help a lot.
Just my two cents.
Cheers,
Tom