
Bug#225318: [dpkg-buildpackage] Please provide support for signing binary files



Package: dpkg-dev
Severity: wishlist
Tags: patch

Hi,

please provide support for signing the binary Debian archive files
(aka *.deb) in dpkg-buildpackage. I've attached a patch for this.
(This patch also has support for -ua = "unsigned all", as a bonus.)


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
diff -Nur dpkg-1.10.18.orig/scripts/dpkg-buildpackage.sh dpkg-1.10.18/scripts/dpkg-buildpackage.sh
--- dpkg-1.10.18.orig/scripts/dpkg-buildpackage.sh	Sat Sep 20 02:57:39 2003
+++ dpkg-1.10.18/scripts/dpkg-buildpackage.sh	Sun Dec 28 19:19:39 2003
@@ -23,6 +23,8 @@
          -spgp         the sign-command is called like PGP 
          -us           unsigned source
          -uc           unsigned changes
+         -ub           unsigned binary archive files
+         -ua           unsigned all
          -a<arch>      Debian architecture we build for (implies -d)
          -b            binary-only, do not build source } also passed to
          -B            binary-only, no arch-indep files } dpkg-genchanges
@@ -57,6 +59,7 @@
 
 signsource='withecho signfile'
 signchanges='withecho signfile'
+signbinary='withecho signdeb'
 cleansource=false
 checkbuilddep=true
 checkbuilddep_args=''
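Review bot: signbinary defaults to 'withecho signdeb' here, so binary signing is switched on for every build that has a sign command unless -ub or -ua is passed; existing callers get the new behaviour without asking for it. Consider making binary signing opt-in, or state the new default explicitly in the usage text and the man page.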
@@ -85,6 +88,8 @@
 	-spgp)  forcesigninterface=pgp ;;
 	-us)	signsource=: ;;
 	-uc)	signchanges=: ;;
+	-ub)	signbinary=: ;;
+	-ua)	signsource=:; signchanges=:; signbinary=: ;;
 	-ap)	usepause="true";;
 	-a*)    targetarch="$value"; checkbuilddep=false ;;
 	-si)	sourcestyle=-si ;;
@@ -116,6 +121,7 @@
 if [ -z "$signcommand"  ] ; then
 	signsource=:
 	signchanges=:
+	signbinary=:
 fi
 
 if test -n "$forcesigninterface" ; then
@@ -200,7 +206,7 @@
 	withecho $rootcommand debian/rules $binarytarget
 fi
 if [ "$usepause" = "true" ] && \
-   [  "$signchanges" != ":" -o \( -z "$binaryonly"  -a "$signsource" != ":" \) ] ; then
+   [  "$signchanges" != ":" -o "$signbinary" != ":" -o \( -z "$binaryonly"  -a "$signsource" != ":" \) ] ; then
     echo Press the return key to start signing process
     read dummy_stuff
 fi
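Review bot: The added "$signbinary" != ":" term in the -ap pause condition is true whenever binary signing was not switched off, including on a system where signdeb is meant to skip because dpkg-sig is missing; with -us -uc the user is then asked to press return for a signing process that signs nothing. Resolve the dpkg-sig availability check once, before this test, and set signbinary=: when the tool is absent.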
@@ -242,6 +248,15 @@
 	fi
 fi
 
+
+signdeb () {
+	if [ -x $(which dpkg-sig) ]; then
+		dpkg-sig -k "${signkey:-$maintainer}" --sign=builder "../$1";
+	fi
+}
+
+
+$signbinary "$pva.changes"
 $signchanges "$pva.changes"
 
 if $cleansource; then
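Review bot: In signdeb, the test "[ -x $(which dpkg-sig) ]" is unquoted, so when dpkg-sig is not installed the substitution expands to nothing, the test collapses to "[ -x ]", which is true, and the function tries to run the missing dpkg-sig instead of skipping. Use "if command -v dpkg-sig >/dev/null 2>&1; then", or at least quote the substitution. The skip path is also silent: a build that was expected to produce signed .deb files yields unsigned ones with no message, so print a warning to stderr in an else branch. Minor: the function is named signdeb but is handed "$pva.changes"; a comment saying why the .changes file is passed and why this call sits before $signchanges would help.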
diff -Nur dpkg-1.10.18.orig/scripts/dpkg-source.1 dpkg-1.10.18/scripts/dpkg-source.1
--- dpkg-1.10.18.orig/scripts/dpkg-source.1	Sun Sep 14 03:49:08 2003
+++ dpkg-1.10.18/scripts/dpkg-source.1	Sun Dec 28 19:26:07 2003
@@ -609,8 +609,10 @@
 .BR "debian/rules clean" )
 after the package has been built.
 .TP
-.BR -us ", " -uc
-Do not sign the source package or the .changes file, respectively.
+.BR -us ", " -uc ", " -ub ", " -ua
+Do not sign the source package or the .changes file or the binary debian
+files, respectively, or nor file at all. The binary debian files are also
+not signed if dpkg-sig is not installed.
 .TP
 .BI -a architecture
 Specify the Debian architecture we build for. The architecture of the
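Review bot: The added man page text reads "or nor file at all", which should be "or no file at all"; with four options the "respectively" sentence is also hard to follow, so a short mapping of -us, -uc, -ub and -ua to what each leaves unsigned would read better. Since the last added sentence documents that binaries are not signed when dpkg-sig is not installed, it should also say whether the build reports this, because a reader cannot tell from the text that the skip is silent.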
