Upon investigation, pbuilder appears to be always adding -us -uc
to the build, so it does not sign the debian files.
The approach that I have taken is:
- Use sbuild instead of pbuilder, creating unsigned Debian files.
- Add the Debian files to a signed reprepro repository (hosted on /home, so they can be accessed by sbuild).
- Use a
--chroot-setup-commands
hook to add the repository and signing key before the build.
This should be doable without using sbuild, just:
- Point the
--othermirror
to the reprepro repository. - Add the signing key to the pbuilder chroot (not sure how to do this).