gen_repos_files doesn't use the repo's owner GPG key to sign packages
Following the tips from a few thread here at LQ and AlienBob's blog, I set up a repository for my own slackware packages, using AlienBob gen_repos_files.sh script.
Unfortunately, slackpkg kept complaining about my repo failing the CHECKSUMS gpg check.
I dig a little and I found out that although the script generates the repo's GPG-KEY from the REPOSOWNERGPG variable, it did not use to it to sign the packages and the CHECKSUMS.md5 file.
When you don't specify the key to use, gpg uses the first one in your keyring. If that's your repo's gpg key, all is fine. But my repo's gpg key is actually second in my keyring...
Here's my proposed patch to add -u "$REPOSOWNERGPG" to the gpg command.