signing packages from a different machine

2007-08-22 Thread Kamaraju S Kusumanchi
Hi
I have access to two machines - say machine A, machine B. On machine A
when I build a package, I can automatically sign the package as needed.
However now I am sitting at a friend's machine (machine B) and built a
package using pdebuild. But I am not sure how to sign this package. The
errors from pdebuild are

pbuilder-time-stamp: 1187760442
 signfile /home/raju/pbuilder/result/texmacs_1.0.6.10-2.dsc Kamaraju
Kusumanchi <[EMAIL PROTECTED]>
gpg: skipped "Kamaraju Kusumanchi <[EMAIL PROTECTED]>": secret key not
available
gpg: [stdin]: clearsign failed: secret key not available
debsign: gpg error occurred!  Aborting

What should I do? Should I copy the secret key from machine A to machine B?
or should I copy the .dsc, .changes files from machine B to machine A and
sign there? I looked in maint-guide, developers-reference, debian-reference
but could not find any suggestions there.

thanks
raju

-- 
Kamaraju S Kusumanchi
http://www.people.cornell.edu/pages/kk288/
http://malayamaarutham.blogspot.com/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: signing packages from a different machine

2007-08-22 Thread Martin Zobel-Helas
Hi, 

On Wed Aug 22, 2007 at 10:46:38 -0400, Kamaraju S Kusumanchi wrote:
> Hi
> I have access to two machines - say machine A, machine B. On machine A
> when I build a package, I can automatically sign the package as needed.
> However now I am sitting at a friend's machine (machine B) and built a
> package using pdebuild. But I am not sure how to sign this package. The
> errors from pdebuild are
> 
> pbuilder-time-stamp: 1187760442
>  signfile /home/raju/pbuilder/result/texmacs_1.0.6.10-2.dsc Kamaraju
> Kusumanchi <[EMAIL PROTECTED]>
> gpg: skipped "Kamaraju Kusumanchi <[EMAIL PROTECTED]>": secret key not
> available
> gpg: [stdin]: clearsign failed: secret key not available
> debsign: gpg error occurred!  Aborting
> 
> What should I do? Should I copy the secret key from machine A to machine B?
> or should I copy the .dsc, .changes files from machine B to machine A and
> sign there? I looked in maint-guide, developers-reference, debian-reference
> but could not find any suggestions there.

debsign -k [EMAIL PROTECTED]:/path/to/changes/file.changes

-- 
[EMAIL PROTECTED] /root]# man real-life
No manual entry for real-life





Re: signing packages from a different machine

2007-08-22 Thread Miriam Ruiz
2007/8/22, Kamaraju S Kusumanchi <[EMAIL PROTECTED]>:
>
> Hi
> I have access to two machines - say machine A, machine B. On machine A
> when I build a package, I can automatically sign the package as needed.
> However now I am sitting at a friend's machine (machine B) and built a
> package using pdebuild. But I am not sure how to sign this package. The
> errors from pdebuild are
>
> pbuilder-time-stamp: 1187760442
> signfile /home/raju/pbuilder/result/texmacs_1.0.6.10-2.dsc Kamaraju
> Kusumanchi <[EMAIL PROTECTED]>
> gpg: skipped "Kamaraju Kusumanchi <[EMAIL PROTECTED]>": secret key not
> available
> gpg: [stdin]: clearsign failed: secret key not available
> debsign: gpg error occurred!  Aborting
>
> What should I do? Should I copy the secret key from machine A to machine
> B?
> or should I copy the .dsc, .changes files from machine B to machine A and
> sign there? I looked in maint-guide, developers-reference,
> debian-reference
> but could not find any suggestions there.


I would recommend you not to copy your secret key to your friend's machine.
A secret key is something to keep safe and secret. It would be much better
to move the files to your machine and sign the packages there, or to carry
your secret keys in a USB device, possibly encrypted just in case you lose
it, and just using it in machines you can trust.

Miry


Re: signing packages from a different machine

2007-08-22 Thread Neil Williams
On Wed, 22 Aug 2007 10:46:38 -0400
Kamaraju S Kusumanchi <[EMAIL PROTECTED]> wrote:

> Hi
> I have access to two machines - say machine A, machine B. On machine A
> when I build a package, I can automatically sign the package as needed.
> However now I am sitting at a friend's machine (machine B) and built a
> package using pdebuild. But I am not sure how to sign this package.

If you do not have sole access to root on that machine, it's best not
to have your secret key on it so it's best not to sign.

Use the '-uc' '-us' switches or put the data into .pbuilderrc
AUTO_DEBSIGN=no

You don't have to sign every build you do on every machine - you only
need to sign the one build that is going to be uploaded. As none of
your sponsors are even remotely interested in the
architecture-dependent binaries and only really care about
the .dsc, .orig.tar.gz and (if not native) the .diff.gz, there is no
need to worry about signing builds on different architectures. It's
good to do but it isn't relevant to sponsoring, normally.

> What should I do? Should I copy the secret key from machine A to machine B?

Not if that machine is not secure.

> or should I copy the .dsc, .changes files from machine B to machine A and
> sign there? I looked in maint-guide, developers-reference, debian-reference
> but could not find any suggestions there.

apt-get install devscripts
man debrsign

-- 


Neil Williams
=
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
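
[Added example, not part of the original thread or of devscripts.] The replies above suggest building unsigned on machine B and signing on machine A; this sketch is a check to run on machine A before debsign, confirming that the copied files match what the .changes lists. The helper names check_changes and make_sample are hypothetical, the sample data is constructed, and it assumes a .changes with a Checksums-Sha256 field and sha256sum from coreutils.

```shell
#!/bin/sh
# Added example. Run on machine A (which holds the secret key) after copying the
# unsigned build results over from machine B, and before running debsign.

# check_changes FILE.changes  (hypothetical helper name)
# Returns 0 only if every file listed under Checksums-Sha256 sits next to the
# .changes file with the listed size and SHA-256; prints one line per problem.
check_changes() {
    changes=$1
    dir=$(dirname -- "$changes")
    status=0
    # Entry lines are indented; a non-indented line starts the next field.
    entries=$(awk '/^Checksums-Sha256:/ {f=1; next} /^[^ ]/ {f=0}
                   f && NF==3 {print $1, $2, $3}' "$changes")
    [ -n "$entries" ] || { echo "no Checksums-Sha256 entries"; return 2; }
    while read -r want_sum want_size name; do
        # Names come from the other machine: accept plain file names only.
        case $name in
            */*|.*) echo "REJECT $name: not a plain file name"; status=1; continue ;;
        esac
        f=$dir/$name
        [ -f "$f" ] || { echo "MISSING $name"; status=1; continue; }
        got_size=$(wc -c < "$f" | tr -d ' ')
        got_sum=$(sha256sum "$f" | cut -d' ' -f1)
        [ "$got_size" = "$want_size" ] || { echo "SIZE $name"; status=1; }
        [ "$got_sum" = "$want_sum" ] || { echo "HASH $name"; status=1; }
    done <<EOF
$entries
EOF
    return $status
}

# make_sample DIR: constructed data, a one-file build result plus a minimal .changes
make_sample() {
    printf 'constructed .dsc body\n' > "$1/demo_1.0-1.dsc"
    sum=$(sha256sum "$1/demo_1.0-1.dsc" | cut -d' ' -f1)
    size=$(wc -c < "$1/demo_1.0-1.dsc" | tr -d ' ')
    printf 'Format: 1.8\nSource: demo\nChecksums-Sha256:\n %s %s demo_1.0-1.dsc\nUrgency: low\n' \
        "$sum" "$size" > "$1/demo_1.0-1_i386.changes"
}

# On machine A, with the thread's file name:
#   check_changes texmacs_1.0.6.10-2_i386.changes && debsign texmacs_1.0.6.10-2_i386.changes
# debsign signs the .dsc, rewrites its size and checksums in the .changes, then signs the .changes.
```

A clean result only shows that the copied set is complete and consistent with the .changes; both were produced on machine B, so the signature made on machine A still vouches for content built there.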





Re: signing packages from a different machine

2007-08-22 Thread Kamaraju S Kusumanchi
Neil Williams wrote:


> You don't have to sign every build you do on every machine - you only
> need to sign the one build that is going to be uploaded. As none of
> your sponsors are even remotely interested in the
> architecture-dependent binaries and only really care about
> the .dsc, .orig.tar.gz and (if not native) the .diff.gz, there is no
> need to worry about signing builds on different architectures. It's
> good to do but it isn't relevant to sponsoring, normally.


I want to upload the packages to mentors.debian.net so that my sponsor can
take a look at it. However, when I do

$ dupload -t mentors texmacs_1.0.6.10-2_i386.changes
dupload note: no announcement will be sent.
Checking signatures before upload...GPG signature is missing
dupload fatal error: Pre-upload '/usr/share/dupload/gpg-check %1' failed for
texmacs_1.0.6.10-2_i386.changes
   at /usr/bin/dupload line 223

So mentors.debian.net requires packages to be signed. Is there any way
around that?

thanks
raju

-- 
Kamaraju S Kusumanchi
http://www.people.cornell.edu/pages/kk288/
http://malayamaarutham.blogspot.com/





Re: signing packages from a different machine

2007-08-22 Thread Neil Williams
On Wed, 22 Aug 2007 11:34:12 -0400
Kamaraju S Kusumanchi <[EMAIL PROTECTED]> wrote:

> I want to upload the packages to mentors.debian.net so that my sponsor can
> take a look at it.

Then you really need to upload it from a secure machine that has your secret 
key.

The reason for enforcing signatures is so that the sponsor can be sure
that the package really was prepared by you.

If you cannot trust the machine you are on, can you connect to a secure machine?

If you cannot, you will need to delay the upload until you can.

Do not compromise your secret key for the sake of this upload.

-- 


Neil Williams
=
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/


