Sign personal repo for custom build

I have built my own custom repo for a custom Manjaro build but I am not sure how to sign them properly. As mentioned here How to become a contributor to manjaro repositories? I can do this step by step it seems, but then I wonder even if I achieve this, what happens if say I reinstall my personal Linux distro, is the signing still going to work?

What is the best procedure to sign custom repos? And also, how necessary is it? Thanks!

Do you want to sign the repo itself?
Or do you want to sign the packages that in the repo?

Both are possible.
Just generate your key with gpg, import it into pacman keyring and locally sign it with pacman-key --lsign-key.

Set GPGKEY in /etc/makepkg.conf to sign your custom built packages, and build with makepkg [options] --sign.

To sign the repo, use repo-add -s -k <key>.

1 Like

Thank you! I will look into signing the repo itself

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by Bytemark