tag 247824 + patch thanks Hi, I've tried to create a patch to allow dpkg-buildpackage users to call dpkg-sig instead of just signing the .dsc and .changes. This patch adds a -ds option, which replaces the internal signfile() calls with dpkg-sig. It tries to use the -uc and -us options, but dpkg-sig is not able to sign only the .dsc and not the .changes. Marc -- BOFH #256: You need to install an RTFM interface.
diff -Nru dpkg-1.10.24/scripts/dpkg-buildpackage.sh dpkg-1.10.24.he/scripts/dpkg-buildpackage.sh --- dpkg-1.10.24/scripts/dpkg-buildpackage.sh 2004-10-27 11:06:43.000000000 +0200 +++ dpkg-1.10.24.he/scripts/dpkg-buildpackage.sh 2004-11-07 17:29:46.000000000 +0100 @@ -18,6 +18,7 @@ -p<sign-command> -d do not check build dependencies and conflicts -D check build dependencies and conflicts + -ds sign files with dpkg-sig -k<keyid> the key to use for signing -sgpg the sign-command is called like GPG -spgp the sign-command is called like PGP @@ -68,6 +69,9 @@ desc='' noclean=false usepause=false +usedpkg_sig=false +dpkg_sig_changes_mode='full' +dpkg_sig_options='' warnable_error=0 passopts='' @@ -83,8 +87,10 @@ -D) checkbuilddep=true ;; -sgpg) forcesigninterface=gpg ;; -spgp) forcesigninterface=pgp ;; - -us) signsource=: ;; - -uc) signchanges=: ;; + -us) signsource=: + dpkg_sig_changes_mode="yes" ;; + -uc) signchanges=: + dpkg_sig_changes_mode="no" ;; -ap) usepause="true";; -a*) targetarch="$value"; checkbuilddep=false ;; -si) sourcestyle=-si ;; @@ -101,6 +107,7 @@ { echo >&2 "$progname: cannot combine $1 and -S" ; exit 2 ; } ;; -S) sourceonly=-S; checkbuilddep=false; [ "$binaryonly" ] && \ { echo >&2 "$progname: cannot combine $binaryonly and $1" ; exit 2 ; } ;; + -ds) usedpkg_sig="true" ;; -v*) since="$value" ;; -m*) maint="$value" ;; -e*) changedby="$value" ;; @@ -128,6 +135,10 @@ signinterface=$signcommand fi +if ! [ -x $(which dpkg-sig) ] ; then + echo >&2 "progname: dpkg-sig isn't installed" + exit 1 +fi mustsetvar () { if [ "x$2" = x ]; then @@ -205,7 +216,7 @@ read dummy_stuff fi -if [ x$binaryonly = x ]; then +if [ x$binaryonly = x ] && [ $usedpkg_sig = "false" ]; then $signsource "$pv.dsc" fi chg=../"$pva.changes" @@ -242,7 +253,18 @@ fi fi -$signchanges "$pva.changes" +if [ $usedpkg_sig = "true" ]; then + if [ "x$signkey" != "x" ]; then + dpkg_sig_options="$dpkg_sig_options -k \"$signkey\"" + fi + if [ "x$maintainer" != "x" ]; then + dpkg_sig_options="$dpkg_sig_options -m \"$maintainer\"" + fi + echo >&2 " dpkg-sig $dpkg_sig_options --sign-changes $dpkg_sig_changes_mode --sign builder \""$chg"\"" + eval dpkg-sig $dpkg_sig_options --sign-changes $dpkg_sig_changes_mode --sign builder \""$chg"\" +else + $signchanges "$pva.changes" +fi if $cleansource; then withecho $rootcommand debian/rules clean diff -Nru dpkg-1.10.24/scripts/dpkg-source.1 dpkg-1.10.24.he/scripts/dpkg-source.1 --- dpkg-1.10.24/scripts/dpkg-source.1 2004-10-27 11:06:43.000000000 +0200 +++ dpkg-1.10.24.he/scripts/dpkg-source.1 2004-11-07 17:10:16.000000000 +0100 @@ -609,6 +609,10 @@ .BR "debian/rules clean" ) after the package has been built. .TP +.B \-ds +Sign the binary files and the .changes file with +.BR dpkg-sig . +.TP .BR \-us ", " \-uc Do not sign the source package or the .changes file, respectively. .TP
Attachment:
pgpa40T47XuFD.pgp
Description: PGP signature