[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GPG signing of debian packages

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

gregor herrmann wrote:
> On Sat, Apr 15, 2006 at 10:19:33AM +0200, davidek@ipnp.troja.mff.cuni.cz wrote:
> 
>> --------
>> dpkg-deb: building package `sshguard' in `../sshguard_1.0.0-4_all.deb'.
>>  signfile sshguard_1.0.0-4.dsc
>> gpg: skipped "Tomas Davidek <Tomas.Davidek@mff.cuni.cz>": secret key not 
>> available
>> gpg: [stdin]: clearsign failed: secret key not available
>> --------
>> The name and email address match those which I used for key generation, so 
>> this should be ok. Maybe one has to specify the sign-command (-p) in 
>> dpkg-buildpackage ? If so, how does such a command look like ? Or is 
>> there anything else wrong ?

If you're the (co-)maintainer of the package the string in
debian/control should match the string in debian/changelog and in the
uid of your key... If the "John Doe <john.doe@example.com>" doesn't
match 100% you'll get the above failure...

>>From man dpkg-buildpackage:
> 
>        -kkey-id
>               Specify a key-ID to use when signing packages.

This is only needed when the Uploader in debian/changelog doesn't match
an uid of the key (sponsoring) AFAIK.

Cheers

Luk

PS: This kind of questions should be sent to debian-mentors@lists.debian.org
- --
Luk Claes - http://people.debian.org/~luk - GPG key 1024D/9B7C328D
Fingerprint:   D5AF 25FB 316B 53BB 08E7   F999 E544 DE07 9B7C 328D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEQPrr5UTeB5t8Mo0RAuutAJ4rIa+MPpapQ0UUgokG6uXBIadEGgCgk3qY
xGmvKZajOILXoCkI5w15Sjg=
=iKYB
-----END PGP SIGNATURE-----
Reply to: