On 12 November 2011 07:35, Dan McGee <dpmcgee@gmail.com> wrote:
On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif <schiv@archlinux.org> wrote:
On 31 October 2011 02:06, Florian Pritz <bluewind@xinu.at> wrote:
So far the only solution is to download the finished package, sign it locally using gpg --detach-sign <file> and then uploading the signature back to pkgbuild.com so commitpkg will find it.
Did something change WRT this workflow now? I'm getting signature-incorrect from commitpkg. I did sign like this 2 times before (opencv and cinelerra-cv), so it did work recently. gpg --verify outputs:
gpg: Can't check signature: public key not found
But this is normal, and the public key was not there for the previous 2 times. Or was gpg --verify not there in commitpkg before? Do I now need to import my public key on alderaan?
Is your key in your keychain on alderaan? Probably not from what this looks like. Easy to check- `gpg --list-keys 0xfoobar`.
-Dan
Nope. That was what I was asking - whether I need to add it. The last 2 times that I pushed signed packages from alderaan I didn't do anything gpg-related remotely. Anyway, imported the key now so all is good again. -- GPG/PGP ID: C0711BF1