[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: signing packages from a different machine

2007/8/22, Kamaraju S Kusumanchi <kamaraju@bluebottle.com>:
    I have access to two machines - say machine A, machine B. On machine A
when I build a package, I can automatically sign the package as needed.
However now I am sitting at a friends machine (machine B) and built a
package using pdebuild. But I am not sure how to sign this package. The
errors from pdebuild are

pbuilder-time-stamp: 1187760442
signfile /home/raju/pbuilder/result/texmacs_1.0.6.10-2.dsc Kamaraju
Kusumanchi < kamaraju@gmail.com>
gpg: skipped "Kamaraju Kusumanchi <kamaraju@gmail.com>": secret key not
gpg: [stdin]: clearsign failed: secret key not available
debsign: gpg error occurred!  Aborting....

What should I do? Should I copy the secret key from machine A to machine B?
or should I copy the .dsc, .changes files from machine B to machine A and
sign there? I looked in maint-guide, developers-reference, debian-reference
but could not find any suggestions there.

I would recommend you not to copy your secret key to your friend's machine. A secret key is something to keep safe and secret. It would be much better to move the files to your machine and sign the packages there, or to carry your secret keys in a USB device, possibly encrypted just in case you lose it, and just using it in machines you can trust.


Reply to: