tag 247824 + patch thanks Hi, I've tried to create a patch to allow dpkg-buildpackage users to call dpkg-sig instead of just signing the .dsc and .changes. This patch adds a -ds option, which replaces the internal signfile() calls with dpkg-sig. It tries to honour the -uc and -us options, but dpkg-sig cannot sign only the .dsc while leaving the .changes unsigned. Marc -- BOFH #256: You need to install an RTFM interface.
diff -Nru dpkg-1.10.24/scripts/dpkg-buildpackage.sh dpkg-1.10.24.he/scripts/dpkg-buildpackage.sh
--- dpkg-1.10.24/scripts/dpkg-buildpackage.sh 2004-10-27 11:06:43.000000000 +0200
+++ dpkg-1.10.24.he/scripts/dpkg-buildpackage.sh 2004-11-07 17:29:46.000000000 +0100
@@ -18,6 +18,7 @@
-p<sign-command>
-d do not check build dependencies and conflicts
-D check build dependencies and conflicts
+ -ds sign files with dpkg-sig
-k<keyid> the key to use for signing
-sgpg the sign-command is called like GPG
-spgp the sign-command is called like PGP
@@ -68,6 +69,9 @@
desc=''
noclean=false
usepause=false
+usedpkg_sig=false
+dpkg_sig_changes_mode='full'
+dpkg_sig_options=''
warnable_error=0
passopts=''
@@ -83,8 +87,10 @@
-D) checkbuilddep=true ;;
-sgpg) forcesigninterface=gpg ;;
-spgp) forcesigninterface=pgp ;;
- -us) signsource=: ;;
- -uc) signchanges=: ;;
+ -us) signsource=:
+ dpkg_sig_changes_mode="yes" ;;
+ -uc) signchanges=:
+ dpkg_sig_changes_mode="no" ;;
-ap) usepause="true";;
-a*) targetarch="$value"; checkbuilddep=false ;;
-si) sourcestyle=-si ;;
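Review bot: The `-us` and `-uc` arms both assign `dpkg_sig_changes_mode`, so whichever option comes last on the command line wins. With `-uc -us` the mode ends as "yes", and the later dpkg-sig call is asked to sign the .changes although `-uc` was given. Choosing the mode once after option parsing would remove the order dependence, for example by setting a flag such as `dpkg_sig_nochanges=true` in the `-uc` arm and letting it take precedence. A comment on the values would help too, if I read the dpkg-sig modes correctly: `# full: .changes and .dsc, yes: .changes only, no: neither`. The case statement starts and ends outside this hunk.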
@@ -101,6 +107,7 @@
{ echo >&2 "$progname: cannot combine $1 and -S" ; exit 2 ; } ;;
-S) sourceonly=-S; checkbuilddep=false; [ "$binaryonly" ] && \
{ echo >&2 "$progname: cannot combine $binaryonly and $1" ; exit 2 ; } ;;
+ -ds) usedpkg_sig="true" ;;
-v*) since="$value" ;;
-m*) maint="$value" ;;
-e*) changedby="$value" ;;
@@ -128,6 +135,10 @@
signinterface=$signcommand
fi
+if ! [ -x $(which dpkg-sig) ] ; then
+ echo >&2 "progname: dpkg-sig isn't installed"
+ exit 1
+fi
mustsetvar () {
if [ "x$2" = x ]; then
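Review bot: The added check `[ -x $(which dpkg-sig) ]` cannot fail when dpkg-sig is missing. `which` prints nothing, the unquoted substitution disappears, and `[ -x ]` is a one-argument test that is always true. The check also runs whether or not `-ds` was given, so a corrected test would abort every build on a machine without dpkg-sig. I would change it to `if [ "$usedpkg_sig" = "true" ] && ! command -v dpkg-sig >/dev/null 2>&1 ; then`. The message also lacks the dollar sign and should read `echo >&2 "$progname: dpkg-sig isn't installed"`.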
@@ -205,7 +216,7 @@
read dummy_stuff
fi
-if [ x$binaryonly = x ]; then
+if [ x$binaryonly = x ] && [ $usedpkg_sig = "false" ]; then
$signsource "$pv.dsc"
fi
chg=../"$pva.changes"
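Review bot: With `-ds` the `$signsource "$pv.dsc"` call is skipped unconditionally, so under `-ds -uc` (mode "no") nothing appears to sign the .dsc, and the build finishes without saying so. An unsigned source package is easy to miss, so I would print a warning in that case, e.g. `echo >&2 "$progname: warning: -ds with -uc leaves $pv.dsc unsigned"`, or keep the `$signsource` call when the mode is "no". The new test should also quote its operand: `[ "$usedpkg_sig" = "false" ]`.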
@@ -242,7 +253,18 @@
fi
fi
-$signchanges "$pva.changes"
+if [ $usedpkg_sig = "true" ]; then
+ if [ "x$signkey" != "x" ]; then
+ dpkg_sig_options="$dpkg_sig_options -k \"$signkey\""
+ fi
+ if [ "x$maintainer" != "x" ]; then
+ dpkg_sig_options="$dpkg_sig_options -m \"$maintainer\""
+ fi
+ echo >&2 " dpkg-sig $dpkg_sig_options --sign-changes $dpkg_sig_changes_mode --sign builder \""$chg"\""
+ eval dpkg-sig $dpkg_sig_options --sign-changes $dpkg_sig_changes_mode --sign builder \""$chg"\"
+else
+ $signchanges "$pva.changes"
+fi
if $cleansource; then
withecho $rootcommand debian/rules clean
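Review bot: The `eval` on the dpkg-sig line re-parses `$signkey`, `$maintainer` and `$chg` as shell text. The escaped quotes only hold while those values contain no double quote, backquote or `$(`, so a `-k` value, or a maintainer string that presumably can come from the changelog, could end up executed as a command during the build. Passing the options as separate words through the positional parameters removes the eval; this assumes the script's own arguments are fully parsed by this point, which the hunk does not show. The exit status of dpkg-sig is also ignored, so a failed signing step is followed by the clean step as if it had succeeded. The rewrite below covers both points.

```shell
if [ "$usedpkg_sig" = "true" ]; then
	# Build the argument list as separate words so no value is re-parsed by the shell.
	set --
	if [ -n "$signkey" ]; then
		set -- "$@" -k "$signkey"
	fi
	if [ -n "$maintainer" ]; then
		set -- "$@" -m "$maintainer"
	fi
	set -- "$@" --sign-changes "$dpkg_sig_changes_mode" --sign builder "$chg"
	echo >&2 " dpkg-sig $*"
	dpkg-sig "$@" || { echo >&2 "$progname: dpkg-sig failed" ; exit 1 ; }
else
	# … unchanged: $signchanges "$pva.changes" …
fi
```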
diff -Nru dpkg-1.10.24/scripts/dpkg-source.1 dpkg-1.10.24.he/scripts/dpkg-source.1
--- dpkg-1.10.24/scripts/dpkg-source.1 2004-10-27 11:06:43.000000000 +0200
+++ dpkg-1.10.24.he/scripts/dpkg-source.1 2004-11-07 17:10:16.000000000 +0100
@@ -609,6 +609,10 @@
.BR "debian/rules clean" )
after the package has been built.
.TP
+.B \-ds
+Sign the binary files and the .changes file with
+.BR dpkg-sig .
+.TP
.BR \-us ", " \-uc
Do not sign the source package or the .changes file, respectively.
.TP