-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Christopher,
On 04.04.2012 01:01, Christopher Howard wrote: > So, my first question: Is there some nifty command or trick to > (properly) GPG sign a .deb package /after/ I've finished making > it? [..] but I'm not sure what the proper procedure would be. you can use debsign(1) to sign packages. However, you seem to misunderstand some concepts. .debs aren't signed, the meta-data is (e.g. the .dsc and .changes files). If you want to publish these to a private repository you offer, this signature is irrelevant to apt and such, instead the archive-wide meta-data needs to be signed (there are tools like reprepro which can help you to achieve that). This can, but does not need to be same key. - -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPe4XOAAoJEMcrUe6dgPNtlacQAJBdfRGIf/rPtoiYn84LJ6Nu niEE+a/PO8FHCPEMYqT7M2lnV3u2G6+cIS1/mKrBzkaws0aGxeeh319BH2jiSYHb SyV9nqRaO29HGGLJJJQ/Bb23CiF0CiH1V7Rpcwuk7X5/rDsgEyplQB2jGjTyD0mt AIHn94EQmNKbaMotdv5wVB40s4z5ZgNjAFc6KHpeR9H/FMEi2SHowLo1VW0K/Col zy6IKZim0wNuQRT+yhsu6OIMzjLNk/P6xCLWUEhAFoXAxs5gl42Y40p61SioFVqt FFSVJoj5aazqLnTiH70Sai76IzYE/bFNHqDwlIlFzlJIuYg3q5z8fFuZoEOyNc8q JitPJGJFCysxXNVfE0IJr5Cy1dtl9hwKqBYCkRiqPnctgjiHeIXV64hUQDnqYJHA R1nUigNXmNwxVnjrvhPo5K3BO3Cz7KOwkQvTMF887iPg6cQW0WzNzYbi85aHW9s4 +ZRYhBCvWFbuLHAHGffDEn3StbNAZAilstii0MVX725VcaJucGdRGaDSwAlnBvQ3 WjZNHcSNdHCCJ62/vwoNQbod32zMa4x7eiGemCxqyyof5Q5boAUOwgRi3S6Rec5e m7kmX8DmALvvkF81E95HwaObfemMRZNn0HMcAKUPbZBA60FK6WWqntVUi3uw3K/r w4fQG76+nXobDRFp/G5N =U9Sb -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
