[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?

On Fri, Aug 19, 2016 at 03:36:37PM +0200, Johannes Schauer wrote:
> Hi,
> Quoting Ian Jackson (2016-08-19 14:25:52)
> > (Would it not be possible to generate the key inside the chroot?  I
> > guess there are probably other problems with that.)
> that would require lots of time and entropy - unless somebody knows how to
> trick gpg to generate a private/public key pair from a dummy entropy source.
> A better approach would probably be to copy everything that needs signing from
> the chroot to the host, do the signing there and then copy the signatures back
> into the chroot.

That reminds me of `debrsign`. From it's manual page:

| DEBRSIGN(1)            General Commands Manual            DEBRSIGN(1)
|        debrsign  - remotely sign a Debian .changes and .dsc file pair
|        using SSH
|        debrsign [options] [user@]remotehost [changes-file|dsc-file]
|        debrsign takes either an unsigned .dsc  file  or  an  unsigned
|        .changes  file and the associated unsigned .dsc file (found by
|        replacing the architecture name and .changes by  .dsc)  if  it
|        appears in the .changes file and signs them by copying them to
|        the remote machine using  ssh(1)  and  remotely  running  deb-
|        sign(1)  on  that  machine.   All options not listed below are
|        passed to the debsign program on the remote machine.

I hope this helps.

Geert Stappers
Leven en laten leven

Reply to: