[pacman-dev] Sign packages and databases using dedicated scripts

Pierre Schmitz pierre at archlinux.de
Fri Apr 8 06:53:08 EDT 2011


Hi,

in their current state makepkg and repo-add have built-in functions to
sign packages or the repo database. Unfortunately we wont be able to use
neither of these in Arch Linux. That also means that this functionality
needs to be reimplemented in devtools and dbscripts. 

We cannot let makepkg sing the packages because we built packages in a
chroot environment that may even be on a different host than the
packages key. The situation with repo-add is even more complicated as
we'll need to sign a file with a key which are on different hosts. (I
was told this might be doable using ssh-/gpg-agent)

However, my point is that it would be nice to have separate scripts to
sign a package and database file. This way we could use it like this:

chroot makepkg
signpkg

Greetings,

Pierre

-- 
Pierre Schmitz, https://users.archlinux.de/~pierre


More information about the pacman-dev mailing list