[arch-dev-public] sign packages on alderaan (was: Finalizing the package signing process)
dpmcgee at gmail.com
Fri Nov 11 18:35:15 EST 2011
On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif <schiv at archlinux.org> wrote:
> On 31 October 2011 02:06, Florian Pritz <bluewind at xinu.at> wrote:
>> So far the only solution is to download the finished package, sign it
>> locally using gpg --detach-sign <file> and then uploading the signature
>> back to pkgbuild.com so commitpkg will find it.
> Did something change WRT this workflow now? I'm getting
> signature-incorrect from commitpkg. I did sign like this 2 times
> before (opencv and cinelerra-cv), so it did work recently. gpg
> --verify outputs:
> gpg: Can't check signature: public key not found
> But this is normal, and the public key was not there for the previous
> 2 times. Or was gpg --verify not there in commitpkg before? Do I now
> need to import my public key on alderaan?
Is your key in your keychain on alderaan? Probably not from what this
looks like. Easy to check- `gpg --list-keys 0xfoobar`.
More information about the arch-dev-public