Re: Separate gpg signing from package building

To: debian-mentors@lists.debian.org
Subject: Re: Separate gpg signing from package building
From: The Wanderer <wanderer@fastmail.fm>
Date: Mon, 14 Jul 2014 07:53:25 -0400
Message-id: <[🔎] 53C3C4B5.8040707@fastmail.fm>
In-reply-to: <[🔎] CAKTje6HV-40og0Jk2Nc1C=FMQiSqBxRr7D0y188DUxZ+H9aW+Q@mail.gmail.com>
References: <[🔎] lpvkie$c5h$5@ger.gmane.org> <[🔎] CAKTje6GtXJ1m5HdpGZ84qCi7tk0bDT=wBKBF2uz9wypVf6+H1w@mail.gmail.com> <[🔎] 53C35D0A.5000907@fastmail.fm> <[🔎] CAKTje6HV-40og0Jk2Nc1C=FMQiSqBxRr7D0y188DUxZ+H9aW+Q@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/14/2014 12:56 AM, Paul Wise wrote:

> On Mon, Jul 14, 2014 at 12:31 PM, The Wanderer wrote:

>> I don't remember reading an explanation of how to do this in the
>> New Maintainers' Guide or similar documentation, and I don't see an
>> obvious way in the man pages I know to check first off. Is it
>> possible?
> 
> As I said in my previous mail:
> 
> The dpkg-buildpackage manual page documents that you should pass -us
> to not sign the dsc and -uc to not sign the changes file. The debuild
> manual page documents that the contents of the
> DEBUILD_DPKG_BUILDPACKAGE_OPTS config option are passed to
> dpkg-buildpackage.

That explains how to build without signing, but not how to sign after
building (which you have now done).

> In addition the debuild manual page mentions debsign, which can be 
> used to sign or re-sign .dsc/.changes files.

Fair enough. That does ring a faint bell as something I'd run across
before; I just hadn't bothered to re-research this before posting, as I
was in "clarify what I understood the question to be" mode.

- --
   The Wanderer

Secrecy is the beginning of tyranny.

A government exists to serve its citizens, not to control them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCgAGBQJTw8S1AAoJEASpNY00KDJrvgQQAIDQGPVDW+eiT6T5oagyTMUh
LCV43X1jiEJ/Pd65qsmuI3EE67D85CCORb/KpIn7gmIartF3BHCjVnJf2ADNO8Ou
FkWjzkQBt0OkYS8drNL9BkOYBjX93uVHaJedUQrBdOd8NjoBu8Vw0Xf+G+nOL5L2
haYu0mVppZ+oj7A4Z71xmew8VkJc6v6SxvfpHeVZC2baqvEjDu7sKRd9XyZgsdxu
qlfQ8u2Hf5iuutMT+7ov1rQMLBZr1ejke+ohuSlcBCKB3DMrLDjjoSbBg2DFBUAL
I3j6HG5SlzaqaHyRQDvFZ/plqEQoViFme89Yj3vRre3O1NAkr4El4CyyU0FE4apo
KeIAfT+2EartabaChoFUq1uKCYgROBNSEDuuxapmzw8FCvFcupazSt3yN46OSs7N
YOmPXTfX9ioZzPQrGrIbGpdO8ijq7aYhE+fBz3TUiav8FdEqLVP+P6kn7mt8qnef
8Y+xn39BNojcBOt0+MiVG8Qs+/6Fi88qPCbMAv1lPOwbhZsPFPQrb6ph0zEqgx5Q
kB83JueXYGeGKCHDECugT8/l5th9EfM20uu7KU/aT43HptrW4j+JU1sH3HY96OeG
sOVsnR6DPe3xEgGQ2mSH7ys9F19pLUMshxuv4gr/OhOYb3vbHGy2yu9vmfGZedMe
9236ALL+OBVaVz2nXoAy
=AOrs
-----END PGP SIGNATURE-----

Reply to:

References:
- Separate gpg signing from package building
  - From: T o n g <mlist4suntong@yahoo.com>
- Re: Separate gpg signing from package building
  - From: Paul Wise <pabs@debian.org>
- Re: Separate gpg signing from package building
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: Separate gpg signing from package building
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Separate gpg signing from package building
Next by Date: Re: Separate gpg signing from package building
Previous by thread: Re: Separate gpg signing from package building
Next by thread: Re: Separate gpg signing from package building
Index(es):
- Date
- Thread