[arch-dev-public] sign packages on alderaan (was: Finalizing the package signing process)

Ray Rashif schiv at archlinux.org
Fri Nov 11 18:31:40 EST 2011

On 31 October 2011 02:06, Florian Pritz <bluewind at xinu.at> wrote:
> So far the only solution is to download the finished package, sign it
> locally using gpg --detach-sign <file> and then uploading the signature
> back to pkgbuild.com so commitpkg will find it.

Did something change WRT this workflow now? I'm getting
signature-incorrect from commitpkg. I did sign like this 2 times
before (opencv and cinelerra-cv), so it did work recently. gpg
--verify outputs:

gpg: Can't check signature: public key not found

But this is normal, and the public key was not there for the previous
2 times. Or was gpg --verify not there in commitpkg before? Do I now
need to import my public key on alderaan?


More information about the arch-dev-public mailing list