On 12 November 2011 07:35, Dan McGee <dpmc...@gmail.com> wrote: > On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif <sc...@archlinux.org> wrote: >> On 31 October 2011 02:06, Florian Pritz <bluew...@xinu.at> wrote: >>> So far the only solution is to download the finished package, sign it >>> locally using gpg --detach-sign <file> and then uploading the signature >>> back to pkgbuild.com so commitpkg will find it. >> >> Did something change WRT this workflow now? I'm getting >> signature-incorrect from commitpkg. I did sign like this 2 times >> before (opencv and cinelerra-cv), so it did work recently. gpg >> --verify outputs: >> >> gpg: Can't check signature: public key not found >> >> But this is normal, and the public key was not there for the previous >> 2 times. Or was gpg --verify not there in commitpkg before? Do I now >> need to import my public key on alderaan? > > Is your key in your keychain on alderaan? Probably not from what this > looks like. Easy to check- `gpg --list-keys 0xfoobar`. > > -Dan >
Nope. That was what I was asking - whether I need to add it. The last 2 times that I pushed signed packages from alderaan I didn't do anything gpg-related remotely. Anyway, imported the key now so all is good again. -- GPG/PGP ID: C0711BF1