[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Emdebian auto-signing

I'm working on Emdebian Integration [0] which will be using
post-processing to take packages uploaded by the buildds, remove
documentation and make other architecture-neutral changes, add a
version suffix and upload to the equivalent Emdebian suite. unstable
goes to unstable-grip etc.

I've got a question on how to arrange the GnuPG signing key which will
be used to sign the .changes files generated by the process using the
data from ries.

ries: crontab generates a file, pushes that file to the buildd via SSH.

buildd: downloads packages for multiple architectures, post-processes
them for Emdebian (adding the em1 version suffix, removing docs etc.)
and generates a series of .changes files suitable for upload to the
Emdebian suites (${suite}-grip, e.g. unstable-grip etc.).

ftp-master: receives the (smaller) packages with an em1 version suffix
targeted at the Emdebian suite, populates the suite and updates
projectb using dak so that the script on ries can use that data in
subsequent queries.

The buildd I'm thinking of using is www.emdebian.org which is a virtual
server hosted by bytemark, sponsored by toby-churchill.com.

What is involved in autosigning the .changes files for uploads from
this machine? Is it easier to adapt the buildd process to use one of
the existing amd64 buildd machines to run the Emdebian code (which is
many times faster than the equivalent package build)? If a different
machine is preferred, I'll adapt the emdebian-grip package in Debian to
prepare a minimal version which only has the dependencies needed for
the emgrip task itself. (dpkg-dev, devscripts {without recommends},
debhelper and patchutils {for dscextract}). If that's easier to manage
in a chroot, that's fine but it doesn't explicitly need a chroot.

I will need to set up an SSH connection to push the data file to
www.emdebian.org anyway to allow testing and initial setup.

I want to check if we should actually be using a different server or
whether autosigning involves requirements for access to the emdebian.org
machine and whether that is as an ordinary user just for the buildd
process or full access. I need to check with work before granting
access to the current machine. Is the signing separate from the buildd
process? If it is, does that involve copying the entire upload or just
the .changes file & .dsc?

Thanks for you help with this.

[0] http://wiki.debian.org/EmdebianIntegration
[1] http://wiki.debian.org/EmdebianIntegration#Mechanisms


Neil Williams

Attachment: pgp8bXNGlA58T.pgp
Description: PGP signature

Reply to: