Re: Creating and signing packages
On 10/10/2014 01:29 PM, Paolo Cavallini wrote:
> Hi all.
> I have a few stupid questions about creating and signing packages:
>
> * compiling locally results in a series of changed files, whose changes I do not want
> to commit back; e.g. [0]; what is the best approach to get rid of it?
The clean target in debian/rules should clean up all the files generated
during the build.
> * I am compiling on a remote server, in a chrooted environment; I have my GPG key on
> my desktop machine; which files should I place, and where, to have the package
> signed? I originally created the chroot as root; should I change it as my normal
> user, so my gpg key will be used automatically? in this case, how to do this?
You should not develop as root. For the build steps requiring root there
is the fakeroot package. If you build the packages using pbuilder
fakeroot is automatically set up.
For signing the package you can import your private key on your server,
or copy the built results to your desktop where you can sign them
`debsign <path/to/package.changes>`.
If your desktop is not accessible from the Internet keeping your signing
key there is preferred over an Internet accessible host. To reduce the
risk of a compromise.
Kind Regards,
Bas
--
GPG Key ID: 4096R/E88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
Reply to: