Re: Signing a .deb later?



Hi Christopher,

On 04.04.2012 01:01, Christopher Howard wrote:
> So, my first question: Is there some nifty command or trick to 
> (properly) GPG sign a .deb package /after/ I've finished making
> it? [..] but I'm not sure what the proper procedure would be.


You can use debsign(1) to sign packages. However, you seem to
misunderstand some concepts. .debs aren't signed, the meta-data is
(e.g. the .dsc and .changes files).

If you want to publish these to a private repository you offer, this
signature is irrelevant to apt and such; instead the archive-wide
meta-data needs to be signed (there are tools like reprepro which can
help you to achieve that). This can, but does not need to, be the same key.


-- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
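The reply above says apt trusts the signed archive-wide meta-data rather than a signature on the .deb. As an added example (not part of the original message), this Python sketch follows that chain: the signed Release file lists the hash of the Packages index, which in turn lists the hash of each .deb. The package name, paths and file contents are constructed sample data, and the signature on Release is assumed to have been verified already (for instance with gpgv).

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_hashes(release_text: str) -> dict:
    """Map path -> (sha256, size) from the SHA256 section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_section = False
    return entries

def package_stanzas(packages_text: str) -> list:
    """Parse a Packages index into one dict of fields per stanza."""
    stanzas = []
    for block in packages_text.strip().split("\n\n"):
        stanzas.append(dict(l.split(": ", 1) for l in block.splitlines() if ": " in l))
    return stanzas

def verify_deb(release_text, index_path, packages_bytes, deb_name, deb_bytes) -> bool:
    """True only if the .deb is bound to Release through the Packages index.
    Assumption: the signature on Release itself was checked beforehand."""
    expected = release_hashes(release_text).get(index_path)
    if expected != (sha256(packages_bytes), len(packages_bytes)):
        return False  # Packages index does not match the signed Release
    for st in package_stanzas(packages_bytes.decode()):
        if st.get("Filename") == deb_name:
            return (st.get("SHA256") == sha256(deb_bytes)
                    and int(st.get("Size", -1)) == len(deb_bytes))
    return False  # package is not listed in the index

# Constructed sample data (not a real archive or package).
DEB = b"constructed stand-in for the contents of a .deb"
DEB_NAME = "pool/main/h/hello-example/hello-example_1.0-1_amd64.deb"
INDEX = "main/binary-amd64/Packages"
PACKAGES = (f"Package: hello-example\nVersion: 1.0-1\nArchitecture: amd64\n"
            f"Filename: {DEB_NAME}\nSize: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
RELEASE = (f"Origin: example\nSuite: stable\nSHA256:\n"
           f" {sha256(PACKAGES)} {len(PACKAGES)} {INDEX}\n")

if __name__ == "__main__":
    print("untouched .deb:", verify_deb(RELEASE, INDEX, PACKAGES, DEB_NAME, DEB))
    print("modified .deb: ", verify_deb(RELEASE, INDEX, PACKAGES, DEB_NAME, DEB + b"!"))
```

A change to either the .deb or the Packages index breaks the chain, which is why signing the archive meta-data is sufficient for apt.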
