Re: signed packages documentation

To: gdt%lexort.com@localhost
Subject: Re: signed packages documentation
From: Havard Eidnes <he%NetBSD.org@localhost>
Date: Thu, 23 Jul 2020 23:37:15 +0200 (CEST)

> It seems the easiest path is:
>
>   on builder, create a keyring with gpg2 and generate a key
>
>   put that keyring and key id in GPG_KEYRING_SIGN and GPG_SIGN_AS
>
>   set GPG to /usr/pkg/bin/pgp2

There's a typo there?  Should have been /usr/pkg/bin/gpg2?

However, if you

>   build packages normally

using pbulk, the above path to gpg2 is problematic, because pbulk
will remove all installed packages in the "default path" to
provide a pristine environment with only the required and
declared dependent packages prior to each pkg build.

So you need to install gpg2 elsewhere, using a different prefix
and a different pkg database.  If you installed pbulk into
(chroot)/usr/pbulk, and the pkg database is the same, that could
be re-used for the gnupg2 package.

Regards,

- Håvard

Follow-Ups:
- Re: signed packages documentation
  - From: Greg Troxel

References:
- signed packages documentation
  - From: Greg Troxel
- Re: signed packages documentation
  - From: Joerg Sonnenberger
- Re: signed packages documentation
  - From: Greg Troxel

Prev by Date: Re: signed packages documentation
Next by Date: Re: signed packages documentation
Previous by Thread: Re: signed packages documentation
Next by Thread: Re: signed packages documentation
Indexes:

Home | Main Index | Thread Index | Old Index