13 Mar
2011
13 Mar
'11
3:57 a.m.
On 13/03/11 13:24, Allan McRae wrote:
I'd like comments on where the signature should be generated. I was thinking at the end of makechrootpkg, but before upload could also work. Note that the future makepkg implementation for automatic signing is probably not appropriate for use as that would require gpg and a keyring in the chroot.
More thinking about this... the package signing probably can not be too linked to building (i.e. not in makechrootpkg) as that might be on an external build server (which should not have private keys on it). So I guess that it should be done at the time of upload. Allan