[arch-dev-public] sign packages on alderaan (was: Finalizing the package signing process)
Ray Rashif
schiv at archlinux.org
Fri Nov 11 18:31:40 EST 2011
On 31 October 2011 02:06, Florian Pritz <bluewind at xinu.at> wrote:
> So far the only solution is to download the finished package, sign it
> locally using gpg --detach-sign <file> and then uploading the signature
> back to pkgbuild.com so commitpkg will find it.
Did something change WRT this workflow now? I'm getting
signature-incorrect from commitpkg. I did sign like this 2 times
before (opencv and cinelerra-cv), so it did work recently. gpg
--verify outputs:
gpg: Can't check signature: public key not found
But this is normal, and the public key was not there for the previous
2 times. Or was gpg --verify not there in commitpkg before? Do I now
need to import my public key on alderaan?
--
GPG/PGP ID: C0711BF1
More information about the arch-dev-public
mailing list