22 Nov
2010
22 Nov
'10
3:33 p.m.
I'd like to add $gpgsource (urls to gpg signatures of the sources) to PKGBUILDs and when building check the signatures, but I'm not sure what to do when the check fails. If the user doesn't have the key in his keyring or doesn't trust it my idea would be to display an error message and exit, but that doesn't seem practical although I think it's the right way. I also have no idea how to handle chroots. I really can't expect users to copy their keyring into the chroot, but I could add an option to makepkg.conf so you can disable the checking and wrapper scripts could then do that before chrooting (using a new --verify option maybe). C&C please. -- Florian Pritz -- {flo,bluewind}@server-speed.net