[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: inline gpg signatures from mutt

Salvatore Bonaccorso <carnil@debian.org> writes:

> Btw, if you have a correctly configured local MTA, then maybe you can
> just do the same as we do for DSA's:
>
> https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecFull#Sending_out_the_announcement_to_debian-security-announce
>
> write the DSA, sing the DSA clearsign'ed and then
> /usr/lib/sendmail -ti < DSA-2498-1.signed

It looks like the referenced sign-advisory.sh doesn't work for LTS
advisories:

$ /bin/sign-advisory.sh DLA-659-1 
tail: invalid number of lines: ‘+’
gpg: using "0x1784577F811F6EAC" as default secret key for signing

If I do a diff, looks like it removed the last line of my text.

With debugging:

$ bash -ex ./bin/sign-advisory.sh DLA-659-1
+ set -e
+ [[ 1 != 1 ]]
+ [[ DLA-659-1 == \-\h ]]
+ [[ DLA-659-1 == \-\-\h\e\l\p ]]
+ dsa=DLA-659-1
+ signed_dsa=DLA-659-1.signed
++ awk '/^-+/ {print NR ; exit}' DLA-659-1
+ n=
+ head -n -1 DLA-659-1
+ tail -n + DLA-659-1
+ gpg --clearsign
tail: invalid number of lines: ‘+’
gpg: using "0x1784577F811F6EAC" as default secret key for signing

-- 
Brian May <bam@debian.org>
Reply to: