Joerg Jaspert pushed to branch master at Debian FTP Team / dak
Commits:
-
1108f71e
by Joerg Jaspert at 2021-07-19T22:05:18+02:00
1 changed file:
Changes:
| ... | ... | @@ -220,6 +220,22 @@ If the .dsc is signed by an old key no longer in the keyring, use |
| 220 | 220 |
``--ignore-signature``. Make **extra sure** the .dsc is *correct*.
|
| 221 | 221 |
|
| 222 | 222 |
|
| 223 |
+NEW on security
|
|
| 224 |
+---------------
|
|
| 225 |
+ |
|
| 226 |
+Just process as on main, nothing special anymore.
|
|
| 227 |
+ |
|
| 228 |
+Codesigning
|
|
| 229 |
+-----------
|
|
| 230 |
+Switch to codesigning user, run the following (there may be a tmux
|
|
| 231 |
+session called at around that has it in history and maybe some output
|
|
| 232 |
+from last run):
|
|
| 233 |
+ |
|
| 234 |
+``CODESIGN_DSN="postgresql://:5433/codesign" ./code-signing/secure-boot-code-sign.py --config code-signing/etc/debian-prod.yaml``
|
|
| 235 |
+ |
|
| 236 |
+Check output for any errors.
|
|
| 237 |
+ |
|
| 238 |
+Can be run as many times as you want, does nothing if no requests are waiting.
|
|
| 223 | 239 |
|
| 224 | 240 |
.. _Salsa: http://salsa.debian.org/
|
| 225 | 241 |
.. _FTP-Team: https://salsa.debian.org/ftp-team/
|