Re: signing packages from a different machine
2007/8/22, Kamaraju S Kusumanchi <email@example.com>:
I have access to two machines - say machine A, machine B. On machine A
when I build a package, I can automatically sign the package as needed.
However now I am sitting at a friends machine (machine B) and built a
package using pdebuild. But I am not sure how to sign this package. The
errors from pdebuild are
signfile /home/raju/pbuilder/result/texmacs_184.108.40.206-2.dsc Kamaraju
gpg: skipped "Kamaraju Kusumanchi <firstname.lastname@example.org>": secret key not
gpg: [stdin]: clearsign failed: secret key not available
debsign: gpg error occurred! Aborting....
What should I do? Should I copy the secret key from machine A to machine B?
or should I copy the .dsc, .changes files from machine B to machine A and
sign there? I looked in maint-guide, developers-reference, debian-reference
but could not find any suggestions there.
I would recommend you not to copy your secret key to your friend's machine. A secret key is something to keep safe and secret. It would be much better to move the files to your machine and sign the packages there, or to carry your secret keys in a USB device, possibly encrypted just in case you lose it, and just using it in machines you can trust.