[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages getting created without signature

Storing your passphrase in a file or ENV variable is never "safe" as told in
documents and by mentors.

but what if you want to enter the passphrase number of times or you want a
cron job or a script to do use gpg?

than here's what i found:
gpg's default home dir is ~/.gunpg (you can change it using --homedir
option, using this option will,  upto some extent provides at-least some
security as no one knows where your default directory is)
create a file gpg.conf in that folder and edit it to contain text as
"passphrase <your-passphrase>"

thats all is required.


Michael Lamothe wrote:
> I think that the -k is used to specify which key to use.  You can have
> multiple GPG keys.
> I don't know the "safe" way to do what you're asking.  But if you find
> out please let me know. :)
> Thanks,
> Michael
> On 13/12/2007, cobaco (aka Bart Cornelis) <cobaco@linux.be> wrote:
>> On Thursday 13 December 2007, iluvlinux wrote:
>> > but one more information i need is i have to give -k option to
>> > dpkg-buildpackage command
>> >
>> > ie  $ dpkg-buildpackage -rfakeroot -k<KEY> -sgpg
>> <nitpick>
>> the '-rfakeroot' is no longer necessary when using dpkg >= 1.14.7, as in
>> that case dpkg will use fakeroot by default if present
>> </nitpick>
>> --
>> Cheers, cobaco (aka Bart Cornelis)
> -- 
> To UNSUBSCRIBE, email to debian-mentors-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org

View this message in context: http://www.nabble.com/Packages-getting-created-without-signature-tp14292654p14331749.html
Sent from the debian-mentors mailing list archive at Nabble.com.

Reply to: