Il 04/07/2016 18:35, Christian Hesse ha scritto: > > We have three places where this can come from... > > https://git.archlinux.org/pacman.git/tree/lib/libalpm/signing.c#n1008 > https://git.archlinux.org/pacman.git/tree/lib/libalpm/signing.c#n1038 > https://git.archlinux.org/pacman.git/tree/lib/libalpm/signing.c#n1045 > > Not sure what goes wrong here. Is source of the build service available? How > do they sign the packages? > The build service source code is available here: https://github.com/openSUSE/open-build-service/ and I suppose that the signer is this one: https://github.com/openSUSE/open-build-service/blob/master/src/backend/bs_signer >From what I've understood, the signer create a signature file (.sig) and the signature from that file is included in the repo creation here: https://github.com/openSUSE/open-build-service/blob/master/src/backend/bs_mkarchrepo#L90 (up to line 94). -- Giovanni Santini My blog: http://giovannisantini.tk My code: https://github.com/ItachiSan My code, again: https://gitlab.com/u/ItachiSan My Twitter: https://twitter.com/santini__gio My Facebook: https://www.facebook.com/giovanni.santini My Google+: https://plus.google.com/+GiovanniSantini/ My GPG: 2FADEBF5
