[arch-general] Pacman and package signing
Myra Nelson
myra.nelson at hughes.net
Mon Aug 29 15:12:42 EDT 2011
On Mon, Aug 29, 2011 at 13:51, Myra Nelson <myra.nelson at hughes.net> wrote:
> On Mon, Aug 29, 2011 at 12:42, Gaetan Bisson <bisson at archlinux.org> wrote:
>> [2011-08-29 12:13:29 -0500] Myra Nelson:
>>> If I sign the
>>> package with makepkg or manually with gpg --detach-sign, it creates a
>>> it creates a detached signature, .sig file. I have my key using
>>> pacman-key. When I attempt to install the package I get an error
>>> message "invalid or corrupted package (PGP signature)".
>>
>> You also need to `pacman-key --edit-key` your key and put its trust
>> level to ultimate.
>>
>>> If I manually
>>> sign the package with gpg --sign, every thing is fine.
>>
>> Not sure I understand what you mean here...
>>
>> Cheers.
>>
>> --
>> Gaetan
>>
> If I use gpg --sign instead of gpg --detach-sign the package verifies
> and installs just fine. That's what stumped me.
>
> Myra
>
>
> --
> Life's fun when your sick and psychotic!
>
As I said, I couldn't see the forest for the trees. Thank you very much.
Myra
--
Life's fun when your sick and psychotic!
More information about the arch-general
mailing list