[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Signing a .deb later?

Hi. I'm new to this list so let me give some introduction, to provide
some context for my questions: To be up front, I'm not a regular Debian
user... I used to be years ago, but then I fell in love with Gentoo and
the whole source-based distro paradigm. However, I run Debian in a VM
through qemu-kvm, which I am using to learn how to make .deb packages
and also to test them. In the short term, I'm simply concerned about
being able to create good .deb packages which I can upload to my Web
site, though eventually I'll trying getting some of my packages put into
Debian proper. Hopefully this is the right list for me... there are so
many Debian lists that I wasn't sure, but a Debian user directed me here.

So, my first question: Is there some nifty command or trick to
(properly) GPG sign a .deb package /after/ I've finished making it? I've
been following the "Debian New Maintainers' Guide" PDF, which seems to
be working out for me; however, I don't actually keep my code signing
keys inside the virtual machine, so when I run "dpkg-buildpackage"
certain files in the package don't get signed. I was hoping I could do
the signing on my own system after I had moved the package out of the
virtual machine, but I'm not sure what the proper procedure would be.


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: