On Tue, 2016-10-18 at 23:34 +0200, Ansgar Burchardt wrote:
> Ben Hutchings writes:
> > On Tue, 2016-10-18 at 22:55 +0200, Ansgar Burchardt wrote:
> > > Is there any documentation how this is supposed to work?
> > 
> > 
> > Nothing comprehensive as yet.  Where should it go?
> It doesn't need to be comprehensive.  I just would like to understand
> what needs to happen.

In brief:

1. A first source package (grub, linux, etc.) builds byhand tarballs
containing all the files that need signing, in addition to the usual
binary packages.

2. The byhand script on dak unpacks the tarball, generates detached
signatures using the appropriate key(s) and publishes another tarball
containing those signatures.

3. The maintainer prepares a second source package (grub-signed,
linux-signed, etc.) containing the detached signatures.  It build-depends
on the unsigned binary packages produced by the first source package, and
builds signed binary packages based on them.

I hope that answers all your questions.


Ben Hutchings
To err is human; to really foul things up requires a computer.
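
The three steps above can be modelled end to end. This is an added example, not part of the original message and not code from dak or the Debian packages. The file names, the `.sig` suffix, the tarball layout and the HMAC-SHA256 stand-in for the real detached signature are all assumptions made so that it runs with only the Python standard library.

```python
import hashlib, hmac, io, tarfile

SIGNING_KEY = b"constructed-demo-key"  # assumption: stand-in for the archive's key
# Constructed sample for step 1: files that need signing (names are made up).
UNSIGNED = {"boot/vmlinuz-demo": b"kernel image bytes",
            "efi/grubx64.efi": b"grub image bytes"}

def make_tarball(files):
    """Pack {path: bytes} into an in-memory .tar.gz and return its bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in sorted(files.items()):
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def read_tarball(blob):
    """Return {path: bytes}; accept only regular files with safe relative paths."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar:
            if not m.isfile() or m.name.startswith("/") or ".." in m.name.split("/"):
                raise ValueError(f"unsafe tar member: {m.name!r}")
            files[m.name] = tar.extractfile(m).read()
    return files

def sign(data):
    # HMAC-SHA256 stands in for a real detached signature (assumption).
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).digest()

def byhand_sign(unsigned_tarball):
    """Step 2: one detached signature per file, published as a second tarball."""
    files = read_tarball(unsigned_tarball)
    return make_tarball({p + ".sig": sign(d) for p, d in files.items()})

def build_signed(unsigned_files, signature_tarball):
    """Step 3: pair each signature with its unsigned binary, refusing mismatches."""
    sigs = read_tarball(signature_tarball)
    if set(sigs) != {p + ".sig" for p in unsigned_files}:
        raise ValueError("signature set does not match the unsigned files")
    signed = {}
    for path, data in unsigned_files.items():
        # With a real key pair this check would use the public key only.
        if not hmac.compare_digest(sigs[path + ".sig"], sign(data)):
            raise ValueError(f"signature does not match {path}")
        signed[path] = data + sigs[path + ".sig"]  # stand-in for attaching it
    return signed
```

The check in `build_signed` is why the second source package has to be built against exactly the unsigned binaries that were signed: a rebuilt binary no longer matches its detached signature.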
