Re: Signing a .deb later?

To: debian-mentors@lists.debian.org
Subject: Re: Signing a .deb later?
From: Thibaut Paumard <paumard@users.sourceforge.net>
Date: Wed, 04 Apr 2012 07:55:09 +0200
Message-id: <[🔎] 4F7BE23D.8000604@users.sourceforge.net>
In-reply-to: <[🔎] 4F7B814C.20008@frigidcode.com>
References: <[🔎] 4F7B814C.20008@frigidcode.com>

Le 04/04/12 01:01, Christopher Howard a écrit :
> So, my first question: Is there some nifty command or trick to
> (properly) GPG sign a .deb package /after/ I've finished making it?

Hi,

You can't sign your binary packages. What you can sign is the .dsc
(source package) and .changes (upload file). You sign them using debsign.

The "signed" way to distribute your binary packages is to set-up a
repository using e.g. reprepro and sign the _repository_ (i.e. the
Packages file in particular). Reprepro does it for you.

Of course, you need to distribute your key in a secure manner as well.

Regards, Thibaut.

Reply to:

Follow-Ups:
- Re: Signing a .deb later?
  - From: Charles Plessy <plessy@debian.org>

References:
- Signing a .deb later?
  - From: Christopher Howard <christopher.howard@frigidcode.com>

Prev by Date: Bug#667437: RFS: 4digits/1.1-1 QA
Next by Date: Bug#667088: [Pkg-fonts-devel] Bug#667088: RFS: fonts-quattrocento/1.1-1 [ITP]
Previous by thread: Re: Signing a .deb later?
Next by thread: Re: Signing a .deb later?
Index(es):
- Date
- Thread