[arch-dev-public] Signoff report for [testing]
=== Signoff report for [testing] === https://www.archlinux.org/packages/signoffs/ There are currently: * 4 new packages in last 24 hours * 1 known bad package * 2 packages not accepting signoffs * 25 fully signed off packages * 102 packages missing signoffs * 20 packages older than 14 days (Note: the word 'package' as used here refers to packages as grouped by pkgbase, architecture, and repository; e.g., one PKGBUILD produces one package per architecture, even if it is a split package.) == New packages in [testing] in last 24 hours (4 total) == * audacious-plugins-3.1-4 (i686) * gtk2-2.24.8-1 (i686) * audacious-plugins-3.1-4 (x86_64) * gtk2-2.24.8-1 (x86_64) == Incomplete signoffs for [core] (24 total) == * dhcpcd-5.2.12-4 (i686) 0/2 signoffs * heirloom-mailx-12.5-3 (i686) 1/2 signoffs * isdn4k-utils-3.2p1-7 (i686) 1/2 signoffs * jfsutils-1.1.15-3 (i686) 1/2 signoffs * kernel26-lts-2.6.32.47-1 (i686) 0/2 signoffs * librpcsecgss-0.19-7 (i686) 0/2 signoffs * linux-atm-2.5.2-1 (i686) 0/2 signoffs * ppp-2.4.5-3 (i686) 0/2 signoffs * pptpclient-1.7.2-4 (i686) 0/2 signoffs * reiserfsprogs-3.6.21-4 (i686) 0/2 signoffs * rfkill-0.4-3 (i686) 1/2 signoffs * rpcbind-0.2.0-5 (i686) 1/2 signoffs * sdparm-1.06-2 (i686) 1/2 signoffs * xfsprogs-3.1.6-1 (i686) 0/2 signoffs * xinetd-2.3.14-8 (i686) 1/2 signoffs * isdn4k-utils-3.2p1-7 (x86_64) 1/2 signoffs * jfsutils-1.1.15-3 (x86_64) 1/2 signoffs * kernel26-lts-2.6.32.47-1 (x86_64) 0/2 signoffs * librpcsecgss-0.19-7 (x86_64) 0/2 signoffs * linux-atm-2.5.2-1 (x86_64) 0/2 signoffs * ppp-2.4.5-3 (x86_64) 1/2 signoffs * pptpclient-1.7.2-4 (x86_64) 1/2 signoffs * reiserfsprogs-3.6.21-4 (x86_64) 0/2 signoffs * xfsprogs-3.1.6-1 (x86_64) 0/2 signoffs == Incomplete signoffs for [extra] (76 total) == * namcap-3.2.1-1 (any) 0/2 signoffs * qt-doc-4.8.0rc1-1 (any) 0/2 signoffs * alex-2.3.5-1.3 (i686) 1/2 signoffs * alsa-plugins-1.0.24-3 (i686) 0/2 signoffs * amarok-2.4.3-2 (i686) 0/2 signoffs * audacious-plugins-3.1-4 (i686) 0/2 signoffs * avidemux-2.5.5-5 (i686) 0/2 signoffs * blender-3:2.60a-2 (i686) 0/2 signoffs * cabal-install-0.10.2-1.1 (i686) 1/2 signoffs * cmus-2.4.2-2 (i686) 0/2 signoffs * ffmpeg-2008-1 (i686) 0/2 signoffs * ffmpegthumbnailer-2.0.7-2 (i686) 0/2 signoffs * gegl-0.1.6-2 (i686) 0/2 signoffs * gstreamer0.10-ugly-0.10.18-4 (i686) 0/2 signoffs * gtk2-2.24.8-1 (i686) 0/2 signoffs * happy-1.18.6-1.2 (i686) 1/2 signoffs * jack-0.121.3-2 (i686) 0/2 signoffs * k3b-2.0.2-3 (i686) 0/2 signoffs * kdelibs-4.7.3-2 (i686) 0/2 signoffs * kdemultimedia-4.7.3-2 (i686) 0/2 signoffs * kradio-4.0.2-2 (i686) 0/2 signoffs * kwebkitpart-1.2.0-2 (i686) 0/2 signoffs * libffado-2.0.1-4 (i686) 0/2 signoffs * mediastreamer-2.7.3-4 (i686) 0/2 signoffs * miro-4.0.3-2 (i686) 0/2 signoffs * moc-20110528-4 (i686) 0/2 signoffs * mpd-0.16.5-2 (i686) 0/2 signoffs * mplayer-34283-1 (i686) 0/2 signoffs * opal-3.10.2-3 (i686) 0/2 signoffs * opencv-2.3.1-2 (i686) 0/2 signoffs * proftpd-1.3.4-1 (i686) 0/2 signoffs * pyalpm-0.5.3-1 (i686) 0/2 signoffs * pyqt-4.8.6-2 (i686) 0/2 signoffs * qt-4.8.0rc1-1 (i686) 0/2 signoffs * sox-14.3.2-4 (i686) 0/2 signoffs * tcl-8.5.11-1 (i686) 0/2 signoffs * tk-8.5.11-1 (i686) 0/2 signoffs * transcode-1.1.5-7 (i686) 0/2 signoffs * vlc-1.1.12-2 (i686) 0/2 signoffs * x264-20111030-1 (i686) 0/2 signoffs * xine-lib-1.1.19-6 (i686) 0/2 signoffs * alex-2.3.5-1.3 (x86_64) 0/2 signoffs * alsa-plugins-1.0.24-3 (x86_64) 1/2 signoffs * amarok-2.4.3-2 (x86_64) 0/2 signoffs * audacious-plugins-3.1-4 (x86_64) 0/2 signoffs * avidemux-2.5.5-5 (x86_64) 0/2 signoffs * blender-3:2.60a-2 (x86_64) 0/2 signoffs * cabal-install-0.10.2-1.1 (x86_64) 0/2 signoffs * cmus-2.4.2-2 (x86_64) 1/2 signoffs * ffmpeg-2008-1 (x86_64) 0/2 signoffs * ffmpegthumbnailer-2.0.7-2 (x86_64) 0/2 signoffs * gegl-0.1.6-2 (x86_64) 0/2 signoffs * gstreamer0.10-ugly-0.10.18-4 (x86_64) 1/2 signoffs * gtk2-2.24.8-1 (x86_64) 0/2 signoffs * happy-1.18.6-1.2 (x86_64) 0/2 signoffs * jack-0.121.3-2 (x86_64) 0/2 signoffs * k3b-2.0.2-3 (x86_64) 0/2 signoffs * kdemultimedia-4.7.3-2 (x86_64) 1/2 signoffs * kradio-4.0.2-2 (x86_64) 0/2 signoffs * kwebkitpart-1.2.0-2 (x86_64) 0/2 signoffs * libffado-2.0.1-4 (x86_64) 0/2 signoffs * mediastreamer-2.7.3-4 (x86_64) 0/2 signoffs * miro-4.0.3-2 (x86_64) 0/2 signoffs * moc-20110528-4 (x86_64) 0/2 signoffs * mplayer-34283-1 (x86_64) 1/2 signoffs * opal-3.10.2-3 (x86_64) 0/2 signoffs * opencv-2.3.1-2 (x86_64) 0/2 signoffs * proftpd-1.3.4-1 (x86_64) 0/2 signoffs * pyalpm-0.5.3-1 (x86_64) 0/2 signoffs * pyqt-4.8.6-2 (x86_64) 0/2 signoffs * sox-14.3.2-4 (x86_64) 0/2 signoffs * tcl-8.5.11-1 (x86_64) 0/2
[arch-dev-public] [signoff] kernel26-lts 2.6.32.48-1
Latest LTS kernel is in testing, Attention: - This version uses the /lib/modules/extramodules-2.6.32-lts for self compiled modules - uname -r now reports the real kernel version, like the 3.x series does please signoff for both arches greetings tpowa -- Tobias Powalowski Archlinux Developer Package Maintainer (tpowa) http://www.archlinux.org tp...@archlinux.org signature.asc Description: OpenPGP digital signature
[arch-dev-public] Integrity Check i686: core, extra, community 11-11-2011
= Integrity Check i686 of core,extra,community = Performing integrity checks... == parsing pkgbuilds == parsing db files == checking mismatches == checking archs == checking dependencies == checking makedepends == checking hierarchy == checking for circular dependencies == checking for differences between db files and pkgbuilds Missing Dependencies -- community/cpanminus -- 'perl-extutils-install=1.46' community/cpanminus -- 'perl-extutils-makemaker=6.31' community/cpanminus -- 'perl-module-build=0.36' community/haddock -- 'haskell-ghc-paths=0.1.0.8-4.1' community/mythtv -- 'qtwebkit' community/perl-data-optlist -- 'perl-scalar-list-utils' community/perl-device-gsm -- 'perl-test-simple' community/perl-local-lib -- 'perl-cpan=1.82' community/perl-local-lib -- 'perl-extutils-install=1.43' community/perl-local-lib -- 'perl-extutils-makemaker=6.42' community/perl-local-lib -- 'perl-module-build=0.36' community/perl-module-runtime -- 'perl-exporter' community/perl-module-runtime -- 'perl-parent' community/perl-package-deprecationmanager -- 'perl-carp' community/perl-package-stash -- 'perl-scalar-list-utils' community/perl-params-util -- 'perl-scalar-list-utils' community/perl-sub-install -- 'perl-scalar-list-utils' community/perl-test-fatal -- 'perl-carp' community/perl-test-fatal -- 'perl-exporter=5.57' community/perl-test-fatal -- 'perl-test-simple' Missing Makedepends - community/darcs -- 'haskell-hashed-storage0.6' community/haskell-glib -- 'haskell-gtk2hs-buildtools=0.12.1' community/perl-data-optlist -- 'perl-extutils-makemaker=6.30' community/perl-dist-checkconflicts -- 'perl-extutils-makemaker=6.31' community/perl-module-runtime -- 'perl-module-build' community/perl-module-runtime -- 'perl-test-simple' community/perl-package-deprecationmanager -- 'perl-extutils-makemaker=6.30' community/perl-package-stash -- 'perl-extutils-makemaker=6.30' community/perl-package-stash-xs -- 'perl-extutils-makemaker=6.30' community/perl-params-util -- 'perl-extutils-cbuilder=0.27' community/perl-params-util -- 'perl-extutils-makemaker=6.52' community/perl-params-util -- 'perl-pathtools' community/perl-sub-install -- 'perl-extutils-makemaker' community/perl-test-fatal -- 'perl-extutils-makemaker=6.30' community/perl-try-tiny -- 'perl-extutils-makemaker' community/perl-unicode-stringprep -- 'perl-test-simple' community/perlbrew -- 'perl-extutils-makemaker=6.42' community/perlbrew -- 'perl-file-temp' extra/alex -- 'ghc=7.0.2' extra/cabal-install -- 'ghc=7.0.2' extra/happy -- 'ghc=7.0.2' Repo Hierarchy for Dependencies - extra/archboot depends on community/squashfs-tools (0 extra (make)deps to pull) extra/banshee depends on community/dbus-sharp-glib (3 extra (make)deps to pull : dbus-sharp docbook2x perl-sgmls) extra/gnucash depends on community/aqbanking (4 extra (make)deps to pull : gwenhywfar ktoblzcheck docbook2x perl-sgmls) extra/gnucash depends on community/libdbi-drivers (4 extra (make)deps to pull : libdbi sqlite2 docbook2x perl-sgmls) extra/mod_perl depends on community/perl-linux-pid (2 extra (make)deps to pull : docbook2x perl-sgmls) extra/ruby depends on community/libyaml (0 extra (make)deps to pull) extra/tomboy depends on community/dbus-sharp (2 extra (make)deps to pull : docbook2x perl-sgmls) extra/tomboy depends on community/dbus-sharp-glib (3 extra (make)deps to pull : dbus-sharp docbook2x perl-sgmls) Repo Hierarchy for Makedepends core/ca-certificates depends on extra/python2 (197 extra (make)deps to pull) core/crda depends on extra/python-m2crypto (198 extra (make)deps to pull) core/curl depends on extra/perl-libwww (197 extra (make)deps to pull) core/dbus-core depends on extra/libx11 (197 extra (make)deps to pull) core/e2fsprogs depends on extra/bc (0 extra (make)deps to pull) core/glib2 depends on extra/python2 (197 extra (make)deps to pull) core/groff depends on extra/ghostscript (197 extra (make)deps to pull) core/groff depends on extra/netpbm (197 extra (make)deps to pull) core/groff depends on extra/psutils (197 extra (make)deps to pull) core/initscripts depends on community/asciidoc (197 extra (make)deps to pull) core/libsasl depends on extra/libmysqlclient (197 extra (make)deps to pull) core/libsasl depends on extra/postgresql-libs (197 extra (make)deps to pull) core/lilo depends on extra/bin86 (0 extra (make)deps to pull) core/lilo depends on extra/sharutils (197 extra (make)deps to pull) core/links depends on extra/libpng (0 extra (make)deps to pull) core/links depends on extra/libtiff (197 extra (make)deps to pull) core/links depends on extra/libxt (197 extra (make)deps to pull) core/linux depends on extra/docbook-xsl (197 extra (make)deps to pull) core/linux depends on extra/xmlto (197 extra (make)deps to pull) core/linux-docs depends on extra/docbook-xsl (197 extra (make)deps to
[arch-dev-public] Integrity Check x86_64: core, extra, community, multilib 11-11-2011
Warning : the repository multilib does not exist in /srv/abs/rsync/any === = Integrity Check x86_64 of core,extra,community,multilib = === Performing integrity checks... == parsing pkgbuilds == parsing db files == checking mismatches == checking archs == checking dependencies == checking makedepends == checking hierarchy == checking for circular dependencies == checking for differences between db files and pkgbuilds Missing PKGBUILDs --- /srv/abs/rsync/any/multilib Duplicate PKGBUILDs - /srv/abs/rsync/x86_64/community/skype vs. /srv/abs/rsync/x86_64/multilib/skype /srv/abs/rsync/x86_64/community/wine vs. /srv/abs/rsync/x86_64/multilib/wine Missing Dependencies -- community/cpanminus -- 'perl-extutils-install=1.46' community/cpanminus -- 'perl-extutils-makemaker=6.31' community/cpanminus -- 'perl-module-build=0.36' community/haddock -- 'haskell-ghc-paths=0.1.0.8-4.1' community/mythtv -- 'qtwebkit' community/perl-data-optlist -- 'perl-scalar-list-utils' community/perl-device-gsm -- 'perl-test-simple' community/perl-local-lib -- 'perl-cpan=1.82' community/perl-local-lib -- 'perl-extutils-install=1.43' community/perl-local-lib -- 'perl-extutils-makemaker=6.42' community/perl-local-lib -- 'perl-module-build=0.36' community/perl-module-runtime -- 'perl-exporter' community/perl-module-runtime -- 'perl-parent' community/perl-package-deprecationmanager -- 'perl-carp' community/perl-package-stash -- 'perl-scalar-list-utils' community/perl-params-util -- 'perl-scalar-list-utils' community/perl-sub-install -- 'perl-scalar-list-utils' community/perl-test-fatal -- 'perl-carp' community/perl-test-fatal -- 'perl-exporter=5.57' community/perl-test-fatal -- 'perl-test-simple' Missing Makedepends - community/darcs -- 'haskell-hashed-storage0.6' community/haskell-glib -- 'haskell-gtk2hs-buildtools=0.12.1' community/perl-data-optlist -- 'perl-extutils-makemaker=6.30' community/perl-dist-checkconflicts -- 'perl-extutils-makemaker=6.31' community/perl-module-runtime -- 'perl-module-build' community/perl-module-runtime -- 'perl-test-simple' community/perl-package-deprecationmanager -- 'perl-extutils-makemaker=6.30' community/perl-package-stash -- 'perl-extutils-makemaker=6.30' community/perl-package-stash-xs -- 'perl-extutils-makemaker=6.30' community/perl-params-util -- 'perl-extutils-cbuilder=0.27' community/perl-params-util -- 'perl-extutils-makemaker=6.52' community/perl-params-util -- 'perl-pathtools' community/perl-sub-install -- 'perl-extutils-makemaker' community/perl-test-fatal -- 'perl-extutils-makemaker=6.30' community/perl-try-tiny -- 'perl-extutils-makemaker' community/perl-unicode-stringprep -- 'perl-test-simple' community/perlbrew -- 'perl-extutils-makemaker=6.42' community/perlbrew -- 'perl-file-temp' extra/alex -- 'ghc=7.0.2' extra/cabal-install -- 'ghc=7.0.2' extra/happy -- 'ghc=7.0.2' Repo Hierarchy for Dependencies - extra/archboot depends on community/squashfs-tools (0 extra (make)deps to pull) extra/banshee depends on community/dbus-sharp-glib (3 extra (make)deps to pull : dbus-sharp docbook2x perl-sgmls) extra/gnucash depends on community/aqbanking (4 extra (make)deps to pull : gwenhywfar ktoblzcheck docbook2x perl-sgmls) extra/gnucash depends on community/libdbi-drivers (4 extra (make)deps to pull : libdbi sqlite2 docbook2x perl-sgmls) extra/mod_perl depends on community/perl-linux-pid (2 extra (make)deps to pull : docbook2x perl-sgmls) extra/ruby depends on community/libyaml (0 extra (make)deps to pull) extra/tomboy depends on community/dbus-sharp (2 extra (make)deps to pull : docbook2x perl-sgmls) extra/tomboy depends on community/dbus-sharp-glib (3 extra (make)deps to pull : dbus-sharp docbook2x perl-sgmls) Repo Hierarchy for Makedepends community/virtualbox depends on multilib/gcc-multilib (6 extra (make)deps to pull : gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc gcc-multilib lib32-gcc-libs) community/virtualbox depends on multilib/lib32-glibc (6 extra (make)deps to pull : gcc-multilib gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc lib32-gcc-libs) community/virtualbox-archlinux-additions depends on multilib/gcc-multilib (6 extra (make)deps to pull : gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc gcc-multilib lib32-gcc-libs) community/virtualbox-archlinux-additions depends on multilib/lib32-glibc (6 extra (make)deps to pull : gcc-multilib gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc lib32-gcc-libs) community/virtualbox-archlinux-modules depends on multilib/gcc-multilib (6 extra (make)deps to pull : gcc-libs-multilib binutils-multilib gcc-ada-multilib lib32-glibc gcc-multilib lib32-gcc-libs) community/virtualbox-archlinux-modules depends on
[arch-dev-public] [signoff] linux-3.1.1-1
Hi guys, please signoff 3.1 series for both arches. greetings tpowa -- Tobias Powalowski Archlinux Developer Package Maintainer (tpowa) http://www.archlinux.org tp...@archlinux.org signature.asc Description: OpenPGP digital signature
Re: [arch-dev-public] [signoff] linux-3.1.1-1
On Fri, Nov 11, 2011 at 4:43 PM, Tobias Powalowski tobias.powalow...@googlemail.com wrote: Hi guys, please signoff 3.1 series for both arches. If you have no extra notes regarding the package, you don't need to send these emails anymore. Thanks. -Dan
Re: [arch-dev-public] sign packages on alderaan (was: Finalizing the package signing process)
On 31 October 2011 02:06, Florian Pritz bluew...@xinu.at wrote: So far the only solution is to download the finished package, sign it locally using gpg --detach-sign file and then uploading the signature back to pkgbuild.com so commitpkg will find it. Did something change WRT this workflow now? I'm getting signature-incorrect from commitpkg. I did sign like this 2 times before (opencv and cinelerra-cv), so it did work recently. gpg --verify outputs: gpg: Can't check signature: public key not found But this is normal, and the public key was not there for the previous 2 times. Or was gpg --verify not there in commitpkg before? Do I now need to import my public key on alderaan? -- GPG/PGP ID: C0711BF1
Re: [arch-dev-public] sign packages on alderaan (was: Finalizing the package signing process)
On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif sc...@archlinux.org wrote: On 31 October 2011 02:06, Florian Pritz bluew...@xinu.at wrote: So far the only solution is to download the finished package, sign it locally using gpg --detach-sign file and then uploading the signature back to pkgbuild.com so commitpkg will find it. Did something change WRT this workflow now? I'm getting signature-incorrect from commitpkg. I did sign like this 2 times before (opencv and cinelerra-cv), so it did work recently. gpg --verify outputs: gpg: Can't check signature: public key not found But this is normal, and the public key was not there for the previous 2 times. Or was gpg --verify not there in commitpkg before? Do I now need to import my public key on alderaan? Is your key in your keychain on alderaan? Probably not from what this looks like. Easy to check- `gpg --list-keys 0xfoobar`. -Dan
Re: [arch-dev-public] sign packages on alderaan (was: Finalizing the package signing process)
On 12 November 2011 07:35, Dan McGee dpmc...@gmail.com wrote: On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif sc...@archlinux.org wrote: On 31 October 2011 02:06, Florian Pritz bluew...@xinu.at wrote: So far the only solution is to download the finished package, sign it locally using gpg --detach-sign file and then uploading the signature back to pkgbuild.com so commitpkg will find it. Did something change WRT this workflow now? I'm getting signature-incorrect from commitpkg. I did sign like this 2 times before (opencv and cinelerra-cv), so it did work recently. gpg --verify outputs: gpg: Can't check signature: public key not found But this is normal, and the public key was not there for the previous 2 times. Or was gpg --verify not there in commitpkg before? Do I now need to import my public key on alderaan? Is your key in your keychain on alderaan? Probably not from what this looks like. Easy to check- `gpg --list-keys 0xfoobar`. -Dan Nope. That was what I was asking - whether I need to add it. The last 2 times that I pushed signed packages from alderaan I didn't do anything gpg-related remotely. Anyway, imported the key now so all is good again. -- GPG/PGP ID: C0711BF1
Re: [arch-dev-public] sign packages on alderaan
On 11/12/2011 01:43 AM, Ray Rashif wrote: On 12 November 2011 07:35, Dan McGee dpmc...@gmail.com wrote: On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif sc...@archlinux.org wrote: On 31 October 2011 02:06, Florian Pritz bluew...@xinu.at wrote: So far the only solution is to download the finished package, sign it locally using gpg --detach-sign file and then uploading the signature back to pkgbuild.com so commitpkg will find it. Did something change WRT this workflow now? I'm getting signature-incorrect from commitpkg. I did sign like this 2 times before (opencv and cinelerra-cv), so it did work recently. gpg --verify outputs: gpg: Can't check signature: public key not found But this is normal, and the public key was not there for the previous 2 times. Or was gpg --verify not there in commitpkg before? Do I now need to import my public key on alderaan? Is your key in your keychain on alderaan? Probably not from what this looks like. Easy to check- `gpg --list-keys 0xfoobar`. -Dan Nope. That was what I was asking - whether I need to add it. The last 2 times that I pushed signed packages from alderaan I didn't do anything gpg-related remotely. Anyway, imported the key now so all is good again. -- GPG/PGP ID: C0711BF1 don't import any key on alderaan. is a devtools requirement that a signature must exist to enforce packagers to sign their packages. Imo we should try to do that optionally on alderaan or even better, use svn commit and commitpkg only locally after copying the packages. -- IonuČ› signature.asc Description: OpenPGP digital signature
Re: [arch-dev-public] sign packages on alderaan
On Fri, Nov 11, 2011 at 5:56 PM, Ionut Biru ib...@archlinux.org wrote: On 11/12/2011 01:43 AM, Ray Rashif wrote: On 12 November 2011 07:35, Dan McGee dpmc...@gmail.com wrote: On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif sc...@archlinux.org wrote: On 31 October 2011 02:06, Florian Pritz bluew...@xinu.at wrote: So far the only solution is to download the finished package, sign it locally using gpg --detach-sign file and then uploading the signature back to pkgbuild.com so commitpkg will find it. Did something change WRT this workflow now? I'm getting signature-incorrect from commitpkg. I did sign like this 2 times before (opencv and cinelerra-cv), so it did work recently. gpg --verify outputs: gpg: Can't check signature: public key not found But this is normal, and the public key was not there for the previous 2 times. Or was gpg --verify not there in commitpkg before? Do I now need to import my public key on alderaan? Is your key in your keychain on alderaan? Probably not from what this looks like. Easy to check- `gpg --list-keys 0xfoobar`. -Dan Nope. That was what I was asking - whether I need to add it. The last 2 times that I pushed signed packages from alderaan I didn't do anything gpg-related remotely. Anyway, imported the key now so all is good again. -- GPG/PGP ID: C0711BF1 don't import any key on alderaan. Hmm? He is trying to *verify*, meaning he needs his *public* key. This has nothing to do with signing or private keys. It make a heck of a lot more sense bandwidth-wise for him to upload the signature file to alderaan than upload both the package and signature from his local machine, so why should he not be able to do that? The `gpg --verify` call is there to make sure developers don't accidentally upload mismatched packages and corresponding signature files, which could easily happen when doing test builds and --nosign, etc. -Dan
Re: [arch-dev-public] sign packages on alderaan
On 11/12/2011 01:59 AM, Dan McGee wrote: On Fri, Nov 11, 2011 at 5:56 PM, Ionut Biru ib...@archlinux.org wrote: On 11/12/2011 01:43 AM, Ray Rashif wrote: On 12 November 2011 07:35, Dan McGee dpmc...@gmail.com wrote: On Fri, Nov 11, 2011 at 5:31 PM, Ray Rashif sc...@archlinux.org wrote: On 31 October 2011 02:06, Florian Pritz bluew...@xinu.at wrote: So far the only solution is to download the finished package, sign it locally using gpg --detach-sign file and then uploading the signature back to pkgbuild.com so commitpkg will find it. Did something change WRT this workflow now? I'm getting signature-incorrect from commitpkg. I did sign like this 2 times before (opencv and cinelerra-cv), so it did work recently. gpg --verify outputs: gpg: Can't check signature: public key not found But this is normal, and the public key was not there for the previous 2 times. Or was gpg --verify not there in commitpkg before? Do I now need to import my public key on alderaan? Is your key in your keychain on alderaan? Probably not from what this looks like. Easy to check- `gpg --list-keys 0xfoobar`. -Dan Nope. That was what I was asking - whether I need to add it. The last 2 times that I pushed signed packages from alderaan I didn't do anything gpg-related remotely. Anyway, imported the key now so all is good again. -- GPG/PGP ID: C0711BF1 don't import any key on alderaan. Hmm? He is trying to *verify*, meaning he needs his *public* key. This has nothing to do with signing or private keys. It make a heck of a lot more sense bandwidth-wise for him to upload the signature file to alderaan than upload both the package and signature from his local machine, so why should he not be able to do that? The `gpg --verify` call is there to make sure developers don't accidentally upload mismatched packages and corresponding signature files, which could easily happen when doing test builds and --nosign, etc. -Dan well, i understood that he signed the package on alderaan... -- IonuČ› signature.asc Description: OpenPGP digital signature
[arch-dev-public] [away] November 12th - December 3rd
Hi all, I'm on vacation for the next three weeks (starting from now + a few hours). Perhaps one of you guys (devs/TUs) can take care of some things: - move dhcpcd to [core] when it has the required i686 signoffs - upgrade emesene to some unofficial version they have around (microsoft changed the server backend and the current version in the repos can't connect to the msn server) Thanks, that should be all. The rest of my packages are up to date (except one that was just flagged a day ago and one that has a soname bump). If you feel like updating some packages while I'm away, feel free to do so. I'll be in the tropics and most likely won't have any internet connection. Enjoy yourselves while I'm away! Cheers, Ronald