[dak/master] let generate_releases be able to use multiple keys for a signature
without having two signature blocks, which apt / co arent really checking.
now they get them presented in one block, so they might actually do so.
only really interesting whenever we do a key rollover of the ftpmaster key,
as we dont have the stable key available. pity, or it would work there to
to make this kind of "merged" signature.
---
dak/generate_releases.py | 17 +++++------------
1 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/dak/generate_releases.py b/dak/generate_releases.py
index 6a1bf84..c1cad6b 100755
--- a/dak/generate_releases.py
+++ b/dak/generate_releases.py
@@ -95,20 +95,13 @@ def sign_release_dir(suite, dirname):
if os.path.exists(inlinedest):
os.unlink(inlinedest)
- # We can only use one key for inline signing so use the first one in
- # the array for consistency
- firstkey = True
-
for keyid in suite.signingkeys or []:
- defkeyid = "--default-key %s" % keyid
-
- os.system("gpg %s %s %s --detach-sign <%s >>%s" %
- (keyring, defkeyid, arguments, relname, dest))
+ defkeyid = "--local-user %s" % keyid
- if firstkey:
- os.system("gpg %s %s %s --clearsign <%s >>%s" %
- (keyring, defkeyid, arguments, relname, inlinedest))
- firstkey = False
+ os.system("gpg %s %s %s --detach-sign <%s >>%s" %
+ (keyring, defkeyid, arguments, relname, dest))
+ os.system("gpg %s %s %s --clearsign <%s >>%s" %
+ (keyring, defkeyid, arguments, relname, inlinedest))
class ReleaseWriter(object):
def __init__(self, suite):
--
1.7.2.5
Reply to: