[arch-dev-public] Finalizing the package signing process

Tom Gundersen teg at jklm.no
Sun Oct 30 16:32:25 EDT 2011

On Sun, Oct 30, 2011 at 9:05 PM, Daniel Isenmann <daniel.isenmann at gmx.de> wrote:
> As it seems that there is no real solution here, I will try to do it
> like Florian and Giovanni said it. Downloading the package, sign it
> locally and upload the signature to pkguild again.
> Nevertheless we should find a solution to build signed packages on
> pkgbuild, otherwise we will loose our buildserver here, because I see
> this as a workaround and not as a solution.

I don't think signing remotely is going to be possible, also I don't
see the point of it. We anyway have to download the package in order
to test it, so we wouldn't really gain anything.

I use a script to download, sign and upload signature, then I test the
package locally before pushing it to the repos.

Just my two cents.



More information about the arch-dev-public mailing list