Open prof-milki opened 9 years ago
@jordansissel any chances you are implementing this.
Just curious if this feature has been implemented, we already have a rpm-sign
something for debian would be cool too, similar to https://blog.packagecloud.io/eng/2014/10/28/howto-gpg-sign-verify-deb-packages-apt-repositories/
@bernd @jordansissel any chance taking a look at this? :-)
@jordansissel Any updates ?
I just came upon this thread because I thought I needed to sign deb packages in order create an private package repository for ubuntu/debian. This is not the case -- Ubuntu at least does not sign nor verify signatures of packages. They sign and verify repos. Therefore, creating a 'signed' repo falls onto the repo-management tool you're using (aptly in my case).
Indeed. Debian packages can be signed, but i don’t see it much in the wild. That said, I would support signed deb support and am open to someone working on it.
On Fri, Feb 1, 2019 at 11:28 PM tnishimura notifications@github.com wrote:
I just came upon this thread because I thought I needed to sign deb packages in order create an private package repository for ubuntu/debian. This is not the case -- Ubuntu at least does not sign nor verify signatures of packages. They sign and verify repos. Therefore, creating a 'signed' repo falls onto the repo-management tool you're using (aptly in my case).
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/jordansissel/fpm/issues/809#issuecomment-459943528, or mute the thread https://github.com/notifications/unsubscribe-auth/AAIC6oDPkTW0kvBlW0l-kxkeOSYUxL0Yks5vJT4PgaJpZM4C73mf .
Just noticed that there is simple RPM signing support, but none yet for DEB packages.
In this case using
dpkg-sig
is certainly simpler than manual package/ar modification.Simple patch:
And an additional flag:
(It might be interesting to consolidate it into a global --sign flag. Albeit not sure if that's feasible, since --rpm-sign is a boolean :flag, but the deb version requires a keyname string.)