you need to sign your packages when you upload them to Launchpad
pbuilder—which creates reproducible builds of a package in a clean,
isolated environment
bzr-builddeb—which includes bzr; together these serve as your
version control and package management systems
apt-file—which helps you find the binary package that includes a
needed fileSet Up GPG
Generate your GPG key so that you can sign packages. Packages must be
signed before they will be accepted for upload into the Ubuntu software
repositories. This allows for tracking who is creating software and minimizes
the risk of malicious software acts.
Click here to view code image
matthew@seymour:~$ gpg --gen-key
You are asked what kind of key you want to generate. You can safely choose
the default settings. Create a passphrase when asked. When this is done, a
message like this one is returned:
Click here to view code image
pub 2048R/38E0C789 2012-08-25
Key fingerprint = 6363 387F 7455 8929 E6E2 4619 4798 DFD9 38E0
C789uid Matthew Helmke <[email protected]>sub 2048R/BDE097FF 2012-08-2NOTE
I created this GPG key specifically for this book, and it is not used
anywhere else. You won’t see it in use on Launchpad, for example, or for
signing packages.You need the key ID, which in this example is 38E0C789, and you need to
upload your key ID to a keyserver, replacing keyID with your key ID:
Click here to view code image
matthew@seymour:~$ gpg --send-keys keyID