I've recently written a paragraph on how to build Arch Linux packages on pkgbuild.com (a.k.a. soyuz):
https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#Remote_build_on_PKGBUILD.com
To perform the complete operation on soyuz, we need to forward the
gpg-socket (and the SSH socket if different) to soyuz, which defeats the PGP
/ Web of Trust security model: for a person with root access to soyuz,
the private key is only one passphrase away.
Thoughts?
As I understand it for now, the full-PGP way to package on soyuz is to
only run extra-x86_64-build there.
All other operations can be run locally. The only area where I'm left
in the dark is the "archrelease" step of "communitypkg": what's the
equivalent on a foreign distribution?
--
Pierre Neidhardt
signature.asc
Description: PGP signature
