Joerg Jaspert pushed to branch master at Debian FTP Team / dak
Commits:
-
1108f71e
by Joerg Jaspert at 2021-07-19T22:05:18+02:00
1 changed file:
Changes:
... | ... | @@ -220,6 +220,22 @@ If the .dsc is signed by an old key no longer in the keyring, use |
220 | 220 |
``--ignore-signature``. Make **extra sure** the .dsc is *correct*.
|
221 | 221 |
|
222 | 222 |
|
223 |
+NEW on security
|
|
224 |
+---------------
|
|
225 |
+ |
|
226 |
+Just process as on main, nothing special anymore.
|
|
227 |
+ |
|
228 |
+Codesigning
|
|
229 |
+-----------
|
|
230 |
+Switch to codesigning user, run the following (there may be a tmux
|
|
231 |
+session called at around that has it in history and maybe some output
|
|
232 |
+from last run):
|
|
233 |
+ |
|
234 |
+``CODESIGN_DSN="postgresql://:5433/codesign" ./code-signing/secure-boot-code-sign.py --config code-signing/etc/debian-prod.yaml``
|
|
235 |
+ |
|
236 |
+Check output for any errors.
|
|
237 |
+ |
|
238 |
+Can be run as many times as you want, does nothing if no requests are waiting.
|
|
223 | 239 |
|
224 | 240 |
.. _Salsa: http://salsa.debian.org/
|
225 | 241 |
.. _FTP-Team: https://salsa.debian.org/ftp-team/
|