I migrated my build system to makechrootpkg.
Unfortunately I cannot build signed packages with it.
$ makechrootpkg -cr /home/buildroot -- --sign --key MYKEY
==> Synchronizing chroot copy [/home/buildroot/root] -> [build]...done
==> Making package: dynwg-git r42.5e18aa8-1 (Mon Feb 18 10:28:03 2019)
==> Retrieving sources...
-> Updating dynwg git repo...
Fetching origin
==> Validating source files with md5sums...
dynwg ... Skipped
==> ERROR: The key MYKEY does not exist in your keyring.
==> ERROR: Build failed, check /home/buildroot/build/build
So I built them without signing and wanted to sign them afterwards:
gpg -u MYKEY --output dynwg-git-r42.5e18aa8-1-any.pkg.tar.xz.sig --detach-sign dynwg-git-r42.5e18aa8-1-any.pkg.tar.xz
But packages signed this way will be recognized as corrupted by pacman:
$ LANG=C sudo pacman -Syu
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
homeinfo is up to date
rne is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...
Packages (1) dynwg-git-r42.5e18aa8-1
Total Download Size: 0.00 MiB
Total Installed Size: 0.03 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
dynwg-git-r42.5e18aa8-1-any 4.6 KiB 0.00B/s 00:00 [#############################################################################] 100%
(1/1) checking keys in keyring [#############################################################################] 100%
(1/1) checking package integrity [#############################################################################] 100%
error: dynwg-git: signature from "Richard Neumann (http://www.richard-neumann.de/) <mail at richard dash neumann period de>" is invalid
:: File /var/cache/pacman/pkg/dynwg-git-r42.5e18aa8-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
How do I correctly sign my packages with makechrootpkg?
Update:
Basically, the manual signing works.
I had a bug in the signing script I used, which wrote the signature to "*.sig.sig" instead of "*.sig".
But I'd rather know how to directly sign using makechrootpkg.
Solution:
Stick with manual signing.
Last edited by schard (2019-02-21 14:12:14)
macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }
The most obvious issue is that your GnuPG keyring is not available inside makechrootpkg. You'll need to figure out a workflow for signing, either by forwarding the necessary socket or bind-mounting your $GNUPGHOME.
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Thanks. But, well, that sounds more complicated than the subsequent manual signing.
macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }
https://lists.archlinux.org/pipermail/a … 04341.html
Technically by specifying those variables as makepkg arguments, you can export them:
makechrootpkg -d ... -- DISPLAY=...
Easier to avoid all that by using PKGDEST=foo, foo/* or makepkg --packagelist to retrieve the package names, then sign manually.
Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby
It is -- that is why the release scripts we use in archlinux will instead sign the package right before rsync'ing it to the repository server.
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
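The manual workflow suggested in this thread (build unsigned, list the packages with makepkg --packagelist, then sign), as an added example that is not part of any post above. GPGKEY and the function names are assumptions; the gpg options are the ones from the first post plus --yes and --verify.

```shell
#!/bin/sh
# Added example: sign packages after an unsigned makechrootpkg build.
# GPGKEY (assumed name) holds the signing key ID, "MYKEY" in the thread.

# Print the signature path pacman looks for: "<package file>.sig".
# Anything that is not a package archive is rejected, so a glob such as
# foo/* that also matches old signatures can never produce "*.sig.sig".
sig_path_for() {
    case "$1" in
        *.sig)
            echo "refusing to sign a signature file: $1" >&2
            return 1 ;;
        *.pkg.tar.*)
            printf '%s.sig\n' "$1" ;;
        *)
            echo "not a package archive: $1" >&2
            return 1 ;;
    esac
}

# Create a detached signature next to one package and verify it at once,
# so a bad signature is caught here and not by pacman on the client.
sign_package() {
    pkg=$1
    sig=$(sig_path_for "$pkg") || return 1
    [ -f "$pkg" ] || { echo "missing package: $pkg" >&2; return 1; }
    : "${GPGKEY:?set GPGKEY to your signing key ID}"
    # --yes overwrites a stale signature left over from an earlier build.
    gpg --yes -u "$GPGKEY" --output "$sig" --detach-sign "$pkg" || return 1
    gpg --verify "$sig" "$pkg"
}

# Sign everything the PKGBUILD in the current directory produces.
sign_built_packages() {
    makepkg --packagelist | while IFS= read -r built; do
        sign_package "$built" || exit 1
    done
}

# Stand-alone use: ./sign-packages.sh foo/*.pkg.tar.xz
if [ "$#" -gt 0 ]; then
    for arg in "$@"; do
        sign_package "$arg" || exit 1
    done
fi
```

Run sign_built_packages from the directory containing the PKGBUILD after makechrootpkg has finished, with GPGKEY exported on the host where the keyring lives.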