Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?

To: debian-devel@lists.debian.org
Subject: Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
From: Geert Stappers <stappers@stappers.nl>
Date: Mon, 22 Aug 2016 06:58:31 +0200
Message-id: <[🔎] 20160822045831.GF4220@gpm.stappers.nl>
In-reply-to: <[🔎] 147161379783.17176.4716500465993418570@localhost>
References: <[🔎] 147145469115.17176.12916309740145620869@localhost> <[🔎] 22454.62739.929200.138277@chiark.greenend.org.uk> <[🔎] 22454.62936.350403.278004@chiark.greenend.org.uk> <[🔎] 147160911058.17176.475091240785647603@localhost> <[🔎] 22454.64208.951890.302165@chiark.greenend.org.uk> <[🔎] 147161379783.17176.4716500465993418570@localhost>

On Fri, Aug 19, 2016 at 03:36:37PM +0200, Johannes Schauer wrote:
> Hi,
> 
> Quoting Ian Jackson (2016-08-19 14:25:52)
> > (Would it not be possible to generate the key inside the chroot?  I
> > guess there are probably other problems with that.)
> 
> that would require lots of time and entropy - unless somebody knows how to
> trick gpg to generate a private/public key pair from a dummy entropy source.
> 
> A better approach would probably be to copy everything that needs signing from
> the chroot to the host, do the signing there and then copy the signatures back
> into the chroot.

That reminds me of `debrsign`. From it's manual page:

| DEBRSIGN(1)            General Commands Manual            DEBRSIGN(1)
| 
| NAME
|        debrsign  - remotely sign a Debian .changes and .dsc file pair
|        using SSH
| 
| SYNOPSIS
|        debrsign [options] [user@]remotehost [changes-file|dsc-file]
| 
| DESCRIPTION
|        debrsign takes either an unsigned .dsc  file  or  an  unsigned
|        .changes  file and the associated unsigned .dsc file (found by
|        replacing the architecture name and .changes by  .dsc)  if  it
|        appears in the .changes file and signs them by copying them to
|        the remote machine using  ssh(1)  and  remotely  running  deb-
|        sign(1)  on  that  machine.   All options not listed below are
|        passed to the debsign program on the remote machine.

I hope this helps.

Groeten
Geert Stappers
-- 
Leven en laten leven

Reply to:

References:
- Does anybody plan to keep using sbuild with Squeeze or older chroots?
  - From: Johannes Schauer <josch@debian.org>
- Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
  - From: Johannes Schauer <josch@debian.org>
- Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
  - From: Johannes Schauer <josch@debian.org>

Prev by Date: Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
Next by Date: Bug#835087: ITP: r-cran-cairo -- GNU R graphics device using cairo graphics library
Previous by thread: Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
Next by thread: Re: Does anybody plan to keep using sbuild with Squeeze or older chroots?
Index(es):
- Date
- Thread