I'm working on Emdebian Integration [0] which will be using post-processing to take packages uploaded by the buildds, remove documentation and make other architecture-neutral changes, add a version suffix and upload to the equivalent Emdebian suite. unstable goes to unstable-grip etc. I've got a question on how to arrange the GnuPG signing key which will be used to sign the .changes files generated by the process using the data from ries. ries: crontab generates a file, pushes that file to the buildd via SSH. buildd: downloads packages for multiple architectures, post-processes them for Emdebian (adding the em1 version suffix, removing docs etc.) and generates a series of .changes files suitable for upload to the Emdebian suites (${suite}-grip, e.g. unstable-grip etc.). ftp-master: receives the (smaller) packages with an em1 version suffix targeted at the Emdebian suite, populates the suite and updates projectb using dak so that the script on ries can use that data in subsequent queries. The buildd I'm thinking of using is www.emdebian.org which is a virtual server hosted by bytemark, sponsored by toby-churchill.com. What is involved in autosigning the .changes files for uploads from this machine? Is it easier to adapt the buildd process to use one of the existing amd64 buildd machines to run the Emdebian code (which is many times faster than the equivalent package build)? If a different machine is preferred, I'll adapt the emdebian-grip package in Debian to prepare a minimal version which only has the dependencies needed for the emgrip task itself. (dpkg-dev, devscripts {without recommends}, debhelper and patchutils {for dscextract}). If that's easier to manage in a chroot, that's fine but it doesn't explicitly need a chroot. I will need to set up an SSH connection to push the data file to www.emdebian.org anyway to allow testing and initial setup. I want to check if we should actually be using a different server or whether autosigning involves requirements for access to the emdebian.org machine and whether that is as an ordinary user just for the buildd process or full access. I need to check with work before granting access to the current machine. Is the signing separate from the buildd process? If it is, does that involve copying the entire upload or just the .changes file & .dsc? Thanks for you help with this. [0] http://wiki.debian.org/EmdebianIntegration [1] http://wiki.debian.org/EmdebianIntegration#Mechanisms -- Neil Williams ============= http://www.linux.codehelp.co.uk/
Attachment:
pgp08pCmDYJ8e.pgp
Description: PGP signature