Re: inline gpg signatures from mutt
Hi Brian,
On Tue, Oct 18, 2016 at 08:02:53AM +1100, Brian May wrote:
> Salvatore Bonaccorso <carnil@debian.org> writes:
>
> > Btw, if you have a correctly configured local MTA, then maybe you can
> > just do the same as we do for DSA's:
> >
> > https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecFull#Sending_out_the_announcement_to_debian-security-announce
> >
> > write the DSA, sing the DSA clearsign'ed and then
> > /usr/lib/sendmail -ti < DSA-2498-1.signed
>
> It looks like the referenced sign-advisory.sh doesn't work for LTS
> advisories:
>
> $ /bin/sign-advisory.sh DLA-659-1
> tail: invalid number of lines: ‘+’
> gpg: using "0x1784577F811F6EAC" as default secret key for signing
>
> If I do a diff, looks like it removed the last line of my text.
Yes I realize, the same signing script will not work this way for the
DLA text format. The DSA starts the text with a
-------------------------------------------------------------------------
Debian Security Advisory DSA-$DSAID security@debian.org
https://www.debian.org/security/ $SPACEDDEBFULLNAME
$SPACEDDATE https://www.debian.org/security/faq
-------------------------------------------------------------------------
whereas the DLA template does not have such a heading part, so the
sign-advisory.sh cannot find the number of lines belonging to the
header.
If you have a fixed. Something like the following should work for DLA's
then:
( head -n 4 $1; tail -n +5 $1 | gpg --clearsign ) > $1.signed
HTH,
Regards,
Salvatore
Reply to: