Bug#225318: [dpkg-buildpackage] Please provide support for signing binary files
Package: dpkg-dev
Severity: wishlist
Tags: patch
Hi,
please provide support for signing the binary Debian archive files
(aka *.deb) in dpkg-buildpackage. I've attached a patch for this.
(This patch also has support for -ua = "unsigned all", as a bonus.)
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
diff -Nur dpkg-1.10.18.orig/scripts/dpkg-buildpackage.sh dpkg-1.10.18/scripts/dpkg-buildpackage.sh
--- dpkg-1.10.18.orig/scripts/dpkg-buildpackage.sh Sat Sep 20 02:57:39 2003
+++ dpkg-1.10.18/scripts/dpkg-buildpackage.sh Sun Dec 28 19:19:39 2003
@@ -23,6 +23,8 @@
-spgp the sign-command is called like PGP
-us unsigned source
-uc unsigned changes
+ -ub unsigned binary archive files
+ -ua unsigned all
-a<arch> Debian architecture we build for (implies -d)
-b binary-only, do not build source } also passed to
-B binary-only, no arch-indep files } dpkg-genchanges
@@ -57,6 +59,7 @@
signsource='withecho signfile'
signchanges='withecho signfile'
+signbinary='withecho signdeb'
cleansource=false
checkbuilddep=true
checkbuilddep_args=''
@@ -85,6 +88,8 @@
-spgp) forcesigninterface=pgp ;;
-us) signsource=: ;;
-uc) signchanges=: ;;
+ -ub) signbinary=: ;;
+ -ua) signsource=:; signchanges=:; signbinary=: ;;
-ap) usepause="true";;
-a*) targetarch="$value"; checkbuilddep=false ;;
-si) sourcestyle=-si ;;
@@ -116,6 +121,7 @@
if [ -z "$signcommand" ] ; then
signsource=:
signchanges=:
+ signbinary=:
fi
if test -n "$forcesigninterface" ; then
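Review bot: Setting signbinary=: inside the `-z "$signcommand"` branch ties .deb signing to whether a sign command was found, yet signdeb never uses $signcommand and calls dpkg-sig directly. Either gate signbinary on dpkg-sig being available at this point, or add a comment explaining why the absence of a sign command should also disable dpkg-sig.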
@@ -200,7 +206,7 @@
withecho $rootcommand debian/rules $binarytarget
fi
if [ "$usepause" = "true" ] && \
- [ "$signchanges" != ":" -o \( -z "$binaryonly" -a "$signsource" != ":" \) ] ; then
+ [ "$signchanges" != ":" -o "$signbinary" != ":" -o \( -z "$binaryonly" -a "$signsource" != ":" \) ] ; then
echo Press the return key to start signing process
read dummy_stuff
fi
@@ -242,6 +248,15 @@
fi
fi
+
+signdeb () {
+ if [ -x $(which dpkg-sig) ]; then
+ dpkg-sig -k "${signkey:-$maintainer}" --sign=builder "../$1";
+ fi
+}
+
+
+$signbinary "$pva.changes"
$signchanges "$pva.changes"
if $cleansource; then
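Review bot: The guard `[ -x $(which dpkg-sig) ]` in signdeb does not detect a missing dpkg-sig: when `which` prints nothing the test collapses to `[ -x ]`, a one-argument test that is true, so the dpkg-sig call is attempted anyway and fails. Quote the substitution or use `command -v dpkg-sig >/dev/null 2>&1`. Two related points in the same hunk: once the guard works, a missing tool makes the function return without any message, so a build can finish with unsigned .deb files and nothing on the terminal to say so (a warning on stderr would help); and signdeb is passed "$pva.changes" just before $signchanges signs the same file, so a comment should state that dpkg-sig is expected to sign the .deb files listed there and refresh their checksums in .changes before that signature is made.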
diff -Nur dpkg-1.10.18.orig/scripts/dpkg-source.1 dpkg-1.10.18/scripts/dpkg-source.1
--- dpkg-1.10.18.orig/scripts/dpkg-source.1 Sun Sep 14 03:49:08 2003
+++ dpkg-1.10.18/scripts/dpkg-source.1 Sun Dec 28 19:26:07 2003
@@ -609,8 +609,10 @@
.BR "debian/rules clean" )
after the package has been built.
.TP
-.BR -us ", " -uc
-Do not sign the source package or the .changes file, respectively.
+.BR -us ", " -uc ", " -ub ", " -ua
+Do not sign the source package or the .changes file or the binary debian
+files, respectively, or nor file at all. The binary debian files are also
+not signed if dpkg-sig is not installed.
.TP
.BI -a architecture
Specify the Debian architecture we build for. The architecture of the
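Review bot: The added text "or nor file at all" is garbled, and "respectively" no longer lines up once four options share one sentence; describe -ua on its own, for example "-ua disables all three signatures". The last added sentence says .deb files are left unsigned when dpkg-sig is not installed; it should also say whether a warning is printed, since a user who did not pass -ub would otherwise expect signed binaries.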