Re: GPG signing of debian packages

To: debian-devel@lists.debian.org
Subject: Re: GPG signing of debian packages
From: Jens Peter Secher <jps@debian.org>
Date: Sat, 15 Apr 2006 19:59:29 +0200
Message-id: <[🔎] 44413481.8080804@debian.org>
In-reply-to: <61USZ-4ty-27@gated-at.bofh.it>
References: <61SHI-1j0-29@gated-at.bofh.it> <61USZ-4ty-27@gated-at.bofh.it>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andreas Metzler wrote:

> - I personally always run dpkg-buildpackage with -uc -us and use
>   debsign -kkeyid foo_changes to sign the /final/ packages
>   afterwards. I usually build the packages more than once before
>   uploading as I often find some last-minute bug, and don't like to
>   type in my gpg-passphrase more frequently than necessary.

Or alternatively install quintuple-agent and then have a script say
~/bin/adebuild like

  #!/bin/sh
  if [ ! -n "$AGENT_SOCKET" ]; then
          eval `q-agent &`
  fi

  if [ -n "$AGENT_SOCKET" ]; then
          debuild --linda -eAGENT_SOCKET -pagpg -sgpg $*
  else
          echo Quintuple agent not found.  Using standard debuild.
          debuild $*
  fi

to build your package.  Then you only have to type your password once.

But of course, what you really should do is use pdebuild to make sure
your package will build on a clean sid system.

Cheers,
/JP
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEQTR7DuWXiv5j6KERAv/jAJ4jsu7PIeVztm9EV9xqOMUxGCz98gCgtmY6
Ont4aeVir3ut/VfCSyCxs54=
=kdL+
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Re: Upload getting lost
Next by Date: Re: Debian Light Desktop - meta package
Previous by thread: Re: GPG signing of debian packages
Next by thread: Possible conflict with XFree 4.5
Index(es):
- Date
- Thread