In general, you should allow the user to specify the keyid, since you usually use one all the time.
LOCAL_KEY=$(gpg --fingerprint | grep ^pub | awk '{print $2}' | cut -d"/" -f2)

Better extract the keyid out of the secret keyring, like this:
LOCAL_KEY=`gpg --list-secret-keys|grep "^sec"|sed -e 's/.*\///;s/ .*//g;'|head -n 1`
gpg --export -a > $CD_DIR/gpg-pubkey-${LOCAL_KEY}.asc
rm $CD_DIR/content.asc
echo "KEY SHA1 $(cd $CD_DIR && sha1sum gpg-pubkey-${LOCAL_KEY}.asc)" \
  >> $CD_DIR/content
gpg --export -a -u $LOCAL_KEY > $CD_DIR/content.key
Missing here: gpg --detach-sign -u $LOCAL_KEY $CD_DIR/content
rm $CD_DIR/media.1/products.asc
gpg --detach-sign -a $CD_DIR/media.1/products
gpg --export -a > $CD_DIR/media.1/products.key
Better: gpg --export -a -u $LOCAL_KEY > $CD_DIR/media.1/products.key
So according to the above, I have done:
1) create a GPG key
2) adapted the "packages" file the latest create_package_descr
3) signed content
4) created /content.key
As long as I do not know if I am doing things correctly, I can't put anything in bugzilla. :-(
See adjustments above, especially content.asc signing.

Ciao, Marcus
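The key selection and content signing discussed in this message, as an added example that is not part of the original mail: it reads gpg's machine-readable `--with-colons` listing instead of grepping the human-readable output, skips expired or revoked keys, and verifies the detached signature after writing it. The function names `pick_signing_fpr` and `sign_content` and the sample listing are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. The listing below is constructed, in the format printed by
#   gpg --list-secret-keys --with-colons
SAMPLE_COLONS='sec:e:2048:1:AAAA0000AAAA0001:1100000000:1200000000::u:::sc:::+:::23::0:
fpr:::::::::AAAA0000AAAA0000AAAA0000AAAA0000AAAA0001:
uid:e::::1100000000::HASH::Old Key <old@example.invalid>::::::::::0:
sec:u:4096:1:BBBB0000BBBB0002:1600000000:::u:::scESC:::+:::23::0:
fpr:::::::::BBBB0000BBBB0000BBBB0000BBBB0000BBBB0002:
uid:u::::1600000000::HASH::Build Key <build@example.invalid>::::::::::0:
ssb:u:4096:1:CCCC0000CCCC0003:1600000000::::::e:::+:::23:
fpr:::::::::CCCC0000CCCC0000CCCC0000CCCC0000CCCC0003:'

# Read a --with-colons secret key listing on stdin and print the fingerprint
# of the first primary key that can sign and is not expired (e), revoked (r),
# invalid (i), disabled (d) or otherwise not valid (n).
# Field 2 = validity, field 12 = capabilities, fpr field 10 = fingerprint.
pick_signing_fpr() {
    awk -F: '
        $1 == "sec" { want = ($2 !~ /^[eridn]$/ && $12 ~ /[sS]/); next }
        $1 == "fpr" && want { print $10; exit }
        $1 != "fpr" { want = 0 }   # uid/ssb lines end the primary key record
    '
}

# Sign "$1/content" with key "$2", export that key next to it, then check
# that the signature just written verifies.
sign_content() {
    cd_dir=$1
    key=$2
    [ -n "$key" ] || { echo "no usable signing key found" >&2; return 1; }
    rm -f "$cd_dir/content.asc"
    gpg --batch --yes --local-user "$key" --armor --detach-sign \
        --output "$cd_dir/content.asc" "$cd_dir/content" || return 1
    gpg --batch --armor --export "$key" > "$cd_dir/content.key" || return 1
    gpg --batch --verify "$cd_dir/content.asc" "$cd_dir/content"
}

# Usage against a real keyring (CD_DIR as in the commands above):
#   LOCAL_KEY=$(gpg --batch --list-secret-keys --with-colons | pick_signing_fpr)
#   sign_content "$CD_DIR" "$LOCAL_KEY"
```

Passing the full fingerprint to `--local-user` and `--export` avoids ambiguity between keys that share a short key ID.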