Open majewsky opened 8 years ago
Putting this on the back-burner. For Arch, there is now https://github.com/majewsky/art which takes care (among other things) of signing the packages that holo-build generates.
I could really need this for alpine. If we setup alpines abuild
as dependency of holo-build
, we can reuse the existing signing infrastructure.
What this means in detail depends on the generator.
debian
, nothing needs to be done since Debian packages are usually not signed. Debian, Ubuntu etc. just sign the repository metadata (which probably contains cryptographic checksums of the package files).pacman
, when a package file is written, and signing is configured in/etc/makepkg.conf
, rungpg --detach-sign --use-agent [-u $gpg_key] --no-armor $package_file
to produce$package_file.sig
. (This obviously doesn't work when the output file is stdout.)rpm
is a mess, I'll leave it out of the scope of this issue and do a follow-up issue later.