Re: debsign process
On Wed, May 30, 2001 at 04:04:11PM -0400, Ben Collins wrote:
> > > If the debsign process fails the first sign, because you enter the
> > > invalid passphrase for your gpgkey, no *.changes are created.
> > >
> > > This seems illogical! Shouldn't it create *.changes and *.dsc files,
> > > and then start signing, so if it fails, one can run debsign on
> > > the *.changes file manually?
> >
> > Agreed! Please file this as a wishlist bug against dpkg-dev (the
> > program involved is dpkg-buildpackage).
>
> Maybe the debsign should be renamed dpkg-sign, and added to dpkg-dev.
> That way it can be called separately (and we combine code).
>
> Also, FYI, someone is offering to recreate debsign as a C program, so
> that it only has to ask for the passphrase once. This will help a lot,
> especially if/when package signing is an everyday occurrence.

Fun, fun, fun. There are three different signing programs around at
present, AFAIK: dpkg-buildpackage, which signs the .dsc and .changes
files; debsign, which emulates the signing part of dpkg-buildpackage,
and debsigs, which signs the control.tar.gz and data.tar.gz within the
.deb itself. None of them are safe to cache the passphrase (which
should require a setuid-root binary to allocate safe memory; I note
that mutt does not do this, though). Which one would be rewritten?

Nevertheless, I like the idea of debsign (or an enhanced version
thereof) becoming part of dpkg-dev.

Julian
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, Dept of Maths, Queen Mary, Univ. of London
Debian GNU/Linux Developer, see http://people.debian.org/~jdg
Donate free food to the world's hungry: see http://www.thehungersite.com/
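
The "safe memory" requirement raised in the message above, as an added example that is not part of the original thread or of any of the tools named in it: a passphrase buffer that is pinned with mlock() so it cannot be paged to swap, and wiped before release. The `secret_*` names and the struct are hypothetical; whether mlock() succeeds depends on the process's privilege and its RLIMIT_MEMLOCK, so the outcome is recorded in `locked` for the caller to check.

```c
#include <stddef.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type (not from any Debian tool): a passphrase buffer. */
struct secret_buf {
    char  *data;   /* page-aligned storage */
    size_t size;   /* length, rounded up to whole pages */
    int    locked; /* 1 if mlock() pinned the pages in RAM */
};

/* Allocate whole pages and try to pin them. Returns 0, or -1 if out of memory. */
int secret_alloc(struct secret_buf *b, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->size = ((want + page - 1) / page) * page;
    b->data = aligned_alloc(page, b->size);
    if (b->data == NULL) { b->size = 0; b->locked = 0; return -1; }
    /* mlock() fails when the caller lacks the privilege or the
       RLIMIT_MEMLOCK budget; record the outcome so the caller can refuse
       to cache the passphrase in memory that may be swapped out. */
    b->locked = (mlock(b->data, b->size) == 0);
    return 0;
}

/* Overwrite via a volatile pointer so the compiler cannot elide the wipe. */
void secret_wipe(struct secret_buf *b)
{
    volatile char *p = b->data;
    for (size_t i = 0; i < b->size; i++) p[i] = 0;
}

/* Returns 1 if every byte of the buffer is zero. */
int secret_is_zero(const struct secret_buf *b)
{
    for (size_t i = 0; i < b->size; i++) if (b->data[i] != 0) return 0;
    return 1;
}

/* Wipe, unpin and release; safe to call on an already freed buffer. */
void secret_free(struct secret_buf *b)
{
    if (b->data == NULL) return;
    secret_wipe(b);
    if (b->locked) munlock(b->data, b->size);
    free(b->data);
    b->data = NULL; b->size = 0; b->locked = 0;
}
```

A caller that intends to cache a passphrase would check `locked` after `secret_alloc()` and fall back to prompting each time when it is 0.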