On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif <sc...@archlinux.org> wrote: > On 31 October 2011 02:06, Florian Pritz <bluew...@xinu.at> wrote: >> So far the only solution is to download the finished package, sign it >> locally using gpg --detach-sign <file> and then uploading the signature >> back to pkgbuild.com so commitpkg will find it. > > Did something change WRT this workflow now? I'm getting > signature-incorrect from commitpkg. I did sign like this 2 times > before (opencv and cinelerra-cv), so it did work recently. gpg > --verify outputs: > > gpg: Can't check signature: public key not found > > But this is normal, and the public key was not there for the previous > 2 times. Or was gpg --verify not there in commitpkg before? Do I now > need to import my public key on alderaan?
Is your key in your keychain on alderaan? Probably not from what this looks like. Easy to check- `gpg --list-keys 0xfoobar`. -Dan
