[gobolinux-users] Re: What am I signing?
Carlo Calica
carlo at calica.com
Sun May 7 02:15:08 GMT 2006
GPG 1.9 (its the dev branch) includes a gpg-agent, similar to
ssh-agent. I haven't tried it, but it should allow you to avoid
repeated signing.
On 5/5/06, Hisham Muhammad <hisham.hm at gmail.com> wrote:
> On 5/4/06, Dan <theyranos at gmail.com> wrote:
> > I decided to use the first actual break I've gotten in a couple of
> > months to update my computer. Every time I Compile something, I have
> > to go through this process:
> >
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > SymlinkProgram: Done.
> > sudo: no passwd entry for root!
> > SignProgram: Creating FileHash
> > sudo: no passwd entry for root!
> > SignProgram: Signing FileHash
> >
> > You need a passphrase to unlock the secret key for
> > user: "Dan Charney <drmoose at drmoose.net>"
> > 1024-bit DSA key, ID CC28D16F, created 2006-02-22
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >
> > Freshen is on update 20 of 89, which means I'll have to type my 21-
> > character passphrase another 69 times. I'd love to know why. What is
> > the FileHash I'm signing, and why do I have to sign it?
>
> By default, Compile signs the binaries that were just compiled. The
> list of hashes and the accompanying signature file can be found under
> /Programs/Foo/1.0/Resources/FileHash{,.sig}. Typing in the passphrase
> 89 times sounds really painful -- any suggestions on how to streamline
> the process are welcome (in particular, if anyone knows (if possible)
> how to tell gpg to sign multiple files at once we could make
> SignProgram sign everything in the very end).
>
> -- Hisham
> _______________________________________________
> gobolinux-users mailing list
> gobolinux-users at lists.gobolinux.org
> http://lists.gobolinux.org/mailman/listinfo/gobolinux-users
>
--
Carlo J. Calica
More information about the gobolinux-users
mailing list