[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gobolinux-devel
Subject:    [gobolinux-devel] Package signing: feature request
From:       lucasvr () gobolinux ! org (Lucas C !  Villa Real)
Date:       2006-06-18 15:13:09
Message-ID: 2c03f9590606180718p12a1d070g10e91d1dcadfe664 () mail ! gmail ! com
[Download RAW message or body]

On 6/18/06, Andr? Detsch <detsch@gmail.com> wrote:
> The way things are working right now, packages compiled and packed
> with ChrootCompile are not being signed. Instead of adding support for
> signing packages withing the ChrootCompile environment (which would
> imply setting up gpg and copying the private key inside the
> environment), it sounds better to me if we could sign packages outside
> that environment (but wihout having to install the packages on the
> host system).
>
> Would it be ok to add this possibility to SignProgram? Something like
> SignProgram Glibc--2.4--i686.tar.bz2
> which unpacks the package, created the filehash+signature and repacks
> the files into a new Glibc--2.4--i686.tar.bz2?

sounds very good to me.

-- 
Lucas
powered by /dev/dsp

[prev in list] [next in list] [prev in thread] [next in thread]