On Sun, Oct 30, 2011 at 9:05 PM, Daniel Isenmann <daniel.isenmann@gmx.de> wrote:
As it seems that there is no real solution here, I will try to do it like Florian and Giovanni said it. Downloading the package, sign it locally and upload the signature to pkguild again.
Nevertheless we should find a solution to build signed packages on pkgbuild, otherwise we will loose our buildserver here, because I see this as a workaround and not as a solution.
I don't think signing remotely is going to be possible, also I don't see the point of it. We anyway have to download the package in order to test it, so we wouldn't really gain anything. I use a script to download, sign and upload signature, then I test the package locally before pushing it to the repos. Just my two cents. Cheers, Tom