[arch-projects] [devtools] [PATCH 0/2] makechrootpkg: Allow signing packages inside chroot

Patrick Burroughs (Celti) celti at celti.name
Sun May 1 17:44:15 UTC 2016


This pair of patches works to allow makepkg to sign packages inside
makechrootpkg; something that while perhaps not useful for the Arch
packaging toolchain itself, is immensely helpful to getting all of us
unofficial packagers in the community doing both signed packages and
clean builds.

The first patch adds an option to makechrootpkg that translates into
--setenv on systemd-nspawn; the second passes necessary variables
through sudo over to makepkg and thus to gpg.

To make it all work, call makechrootpkg (or the appropriate archbuild
alias) with the following arguments:
 -d "$HOME/.gnupg/S.gpg-agent:/build/.gnupg/S.gpg-agent"
 -e "DISPLAY=$DISPLAY"
 -e "GPG_TTY=$(tty)"

This will pass the agent socket into the chroot, tell gpg where to tell
the agent to start the pinentry, and works quite well both in X and on
the terminal.

---
Patrick Burroughs (Celti) (2):
  allow passing --setenv to nspawn
  let sudo pass DISPLAY and GPG_TTY to builduser

 makechrootpkg.in | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

-- 
2.8.2
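An added example, not part of the original message or of devtools: a POSIX sh wrapper that assembles the arguments listed above, after checking that the agent socket exists and belongs to the caller. The function names are hypothetical, -e requires this patch series, and the gpgconf lookup is an addition for GnuPG versions that keep the socket outside ~/.gnupg.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of devtools.
# The -e option only exists in makechrootpkg with this patch series applied.

# Locate the agent socket: ask gpgconf when it is installed, otherwise
# fall back to the path used in the message.
agent_socket() {
    sock=$(gpgconf --list-dirs agent-socket 2>/dev/null) || sock=
    [ -n "$sock" ] || sock="$HOME/.gnupg/S.gpg-agent"
    printf '%s\n' "$sock"
}

# Only bind-mount a real socket that the calling user owns: whatever is
# mounted at this path can request signatures from inside the chroot.
check_agent_socket() {
    [ -S "$1" ] || { echo "not a socket: $1" >&2; return 1; }
    [ -O "$1" ] || { echo "not owned by caller: $1" >&2; return 1; }
}

# Print the makechrootpkg arguments, one per line.
# $1 = socket path, $2 = DISPLAY (may be empty), $3 = tty (may be empty)
sign_args() {
    printf '%s\n' -d "$1:/build/.gnupg/S.gpg-agent"
    [ -z "$2" ] || printf '%s\n' -e "DISPLAY=$2"
    [ -z "$3" ] || printf '%s\n' -e "GPG_TTY=$3"
}

# Run makechrootpkg with the caller's own options plus the signing arguments.
signed_chroot_build() {
    sock=$(agent_socket) && check_agent_socket "$sock" || return 1
    tty_name=$(tty 2>/dev/null) || tty_name=   # empty when there is no terminal
    old_ifs=$IFS
    IFS='
'
    set -f                                     # split on newlines only, no globbing
    set -- "$@" $(sign_args "$sock" "${DISPLAY:-}" "$tty_name")
    set +f
    IFS=$old_ifs
    makechrootpkg "$@"
}
```

Any options passed to signed_chroot_build are forwarded to makechrootpkg ahead of the signing arguments.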

