Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
On Fri, Aug 19, 2016 at 03:36:37PM +0200, Johannes Schauer wrote:
> Hi,
>
> Quoting Ian Jackson (2016-08-19 14:25:52)
> > (Would it not be possible to generate the key inside the chroot? I
> > guess there are probably other problems with that.)
>
> that would require lots of time and entropy - unless somebody knows how to
> trick gpg to generate a private/public key pair from a dummy entropy source.
>
> A better approach would probably be to copy everything that needs signing from
> the chroot to the host, do the signing there and then copy the signatures back
> into the chroot.
That reminds me of `debrsign`. From it's manual page:
| DEBRSIGN(1) General Commands Manual DEBRSIGN(1)
|
| NAME
| debrsign - remotely sign a Debian .changes and .dsc file pair
| using SSH
|
| SYNOPSIS
| debrsign [options] [user@]remotehost [changes-file|dsc-file]
|
| DESCRIPTION
| debrsign takes either an unsigned .dsc file or an unsigned
| .changes file and the associated unsigned .dsc file (found by
| replacing the architecture name and .changes by .dsc) if it
| appears in the .changes file and signs them by copying them to
| the remote machine using ssh(1) and remotely running deb-
| sign(1) on that machine. All options not listed below are
| passed to the debsign program on the remote machine.
I hope this helps.
Groeten
Geert Stappers
--
Leven en laten leven
Reply to: