[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Signing a .deb later?

Le 04/04/12 01:01, Christopher Howard a écrit :
> So, my first question: Is there some nifty command or trick to
> (properly) GPG sign a .deb package /after/ I've finished making it?


You can't sign your binary packages. What you can sign is the .dsc
(source package) and .changes (upload file). You sign them using debsign.

The "signed" way to distribute your binary packages is to set-up a
repository using e.g. reprepro and sign the _repository_ (i.e. the
Packages file in particular). Reprepro does it for you.

Of course, you need to distribute your key in a secure manner as well.

Regards, Thibaut.

Reply to: