[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: signing packages from a different machine



On Wed, 22 Aug 2007 10:46:38 -0400
Kamaraju S Kusumanchi <kamaraju@bluebottle.com> wrote:

> Hi
>     I have access to two machines - say machine A, machine B. On machine A
> when I build a package, I can automatically sign the package as needed.
> However now I am sitting at a friends machine (machine B) and built a
> package using pdebuild. But I am not sure how to sign this package.

If you do not have sole access to root on that machine, it's best not
to have your secret key on it so it's best not to sign.

Use the '-uc' '-us' switches or put the data into .pbuilderrc
AUTO_DEBSIGN=no

You don't have to sign every build you do on every machine - you only
need to sign the one build that is going to be uploaded. As none of
your sponsors are even remotely interested in the
architecture-dependent binaries and only really care about
the .dsc, .orig.tar.gz and (if not native) the .diff.gz, there is no
need to worry about signing builds on different architectures. It's
good to do but it isn't relevant to sponsoring, normally.

> What should I do? Should I copy the secret key from machine A to machine B?

Not if that machine is not secure.

> or should I copy the .dsc, .changes files from machine B to machine A and
> sign there? I looked in maint-guide, developers-reference, debian-reference
> but could not find any suggestions there.

apt-get install devscripts
man debrsign

-- 


Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/

Attachment: pgpo2lg6eosAD.pgp
Description: PGP signature


Reply to: