Re: How to locally sign a package that has been built on another machine?
On Mon, 07 May 2001 17:02:39 +0200, Marc Haber <debian-mentors.lists.debian.org@marc-haber.de> wrote:
> Hi,
>
> my personal workstation is little more than an X terminal, while I do
> most of my work on a central box where my home directory is located.
> Thus, I build my packages on that central box as well. Naturally, I
> don't intend to put my GPG key on that central machine and keep it on
> the local hard disk of my personal workstation.
>
> Now, how do I sign my Debian packages with that setup? Do I see it
> correctly that it is the .dsc file for the source and the .changes
> file for the binary package that get signed, pinning the MD5 sums of
> the package files to my e-mail address?
>
> Is this straightforward as running gpg --clearsign --armor on the
> .changes and .dsc file, renaming the resulting *.changes.asc and
> *.dsc.asc to *.changes and *.dsc as dpkg-buildpackage suggests?
>
> Is this:
[snip]
> a validly signed .changes file?
>
> Any hints will be appreciated.
If its a debian box -> man debsign
Dennis
--
"Contrary to popular belief, UNIX is a user-friendly Operating
System. It's just choosy about who its friends are."
Reply to: