
[Git][ftp-team/dak][deploy] 4 commits: Adjust a few suite names for security




Joerg Jaspert pushed to branch deploy at Debian FTP Team / dak

Commits:

  • 9ebbaee3
    by Joerg Jaspert at 2025-08-10T11:46:44+02:00
    Adjust a few suite names for security
    
  • a624114d
    by Joerg Jaspert at 2025-08-10T12:03:22+02:00
    Use an existing key to sign
    
    ask dak admin to get us the signingkeys from testing, then use the
    first returned.
    
  • a3005c70
    by Joerg Jaspert at 2025-08-10T12:08:43+02:00
    Sign extra files with the first key we use for signing testing
    
    Instead of hardcoding it and it failing every few years...
    
  • 27466b5d
    by Joerg Jaspert at 2025-08-10T12:14:02+02:00
    Merge branch 'master' into deploy
    
    * master:
      Sign extra files with the first key we use for signing testing
      Use an existing key to sign
      Adjust a few suite names for security
    

2 changed files:

Changes:

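--- a/config/debian/dinstall.functions
+++ b/config/debian/dinstall.functions
@@ -551,8 +551,10 @@ function i18n2() {
         echo "Codename is ${codename}"
         dak control-suite -l ${suite} >${codename}
     done
+    SKEY=$(dak admin s-cfg get-json testing signingkeys | jq '.signingkeys[0]')
+    SKEY=${SKEY//\"}
     echo "${STAMP}" > timestamp
-    gpg --homedir /srv/ftp-master.debian.org/s3kr1t/dot-gnupg --no-options --batch --no-tty --armour --default-key 473041FA --detach-sign -o timestamp.gpg timestamp
+    gpg --homedir /srv/ftp-master.debian.org/s3kr1t/dot-gnupg --no-options --batch --no-tty --armour --default-key ${SKEY} --detach-sign -o timestamp.gpg timestamp
     rm -f md5sum
     md5sum * > md5sum
     cd ${webdir}/
@@ -635,6 +637,8 @@ function signotherfiles() {
 
     local archiveroot
 
+    local SKEY=$(dak admin s-cfg get-json testing signingkeys | jq '.signingkeys[0]')
+    SKEY=${SKEY//\"}
     for archive in "${public_archives[@]}"; do
         log "... archive: ${archive}"
         archiveroot="$(get_archiveroot "${archive}")"
@@ -643,7 +647,7 @@ function signotherfiles() {
         cd ${archiveroot}
         rm -f extrafiles
         sha256sum $(find * -type f | egrep -v '(pool|i18n|dep11|source)/|Contents-.*\.(gz|diff)|installer|binary-|(In)?Release(.gpg)?|\.changes' | sort) > ${TMPLO}
-        gpg --no-options --batch --no-tty --armour --personal-digest-preferences=SHA256 --homedir /srv/ftp-master.debian.org/s3kr1t/dot-gnupg --no-options --batch --no-tty --armour --default-key 2B90D010 --clearsign --output ${archiveroot}/extrafiles ${TMPLO}
+        gpg --no-options --batch --no-tty --armour --personal-digest-preferences=SHA256 --homedir /srv/ftp-master.debian.org/s3kr1t/dot-gnupg --no-options --batch --no-tty --armour --default-key ${SKEY} --clearsign --output ${archiveroot}/extrafiles ${TMPLO}
         rm -f ${TMPLO}
     done
 }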
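Review bot: SKEY reaches `gpg --default-key ${SKEY}` with no check that the lookup actually returned a key, in both i18n2 and signotherfiles. If `dak admin s-cfg get-json` fails or `signingkeys` is empty, `jq` prints `null` or nothing, so the unquoted expansion either names a nonexistent key or disappears and gpg takes the following option as the key name; depending on the gpg version that may abort or may sign with some other secret key in the keyring. In signotherfiles, `local SKEY=$(...)` additionally hides the pipeline's exit status behind `local`'s. I would declare `local SKEY` first, assign with `SKEY=$(dak admin s-cfg get-json testing signingkeys | jq -er '.signingkeys[0]') || return 1` (which also makes the `${SKEY//\"}` step unnecessary), and quote `"${SKEY}"` on both gpg lines. Both function bodies extend outside the visible hunks, so how callers react to a non-zero return should be confirmed.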
    

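--- a/docs/release.txt
+++ b/docs/release.txt
@@ -565,14 +565,14 @@ mirrorpush
 # On security-master:
 
 #rename-suite {,old}oldoldstable
-rename-suite {,old}oldstable
+rename-suite {,old}oldstable-security
 rename-suite {,old}stable-security
 rename-suite {testing,stable}-security
-rename-suite {,old}oldstable-debug
+rename-suite {,old}oldstable-security-debug
 rename-suite {,old}stable-security-debug
 rename-suite {testing,stable}-security-debug stable-debug
-rename-suite buildd-{,old}oldoldstable
-rename-suite buildd-{,old}oldstable
+rename-suite buildd-{,old}oldoldstable-security
+rename-suite buildd-{,old}oldstable-security
 rename-suite buildd-{,old}stable-security
 rename-suite buildd-{testing,stable}-security
 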
    

