El lun, 20 abr 2026 a las 0:55, Agustin Martin (<[email protected]>) escribió: > > On Sat, Oct 18, 2025 at 11:26:15PM -0700, Otto Kekäläinen wrote: > > What about having one template GitHub with no signature checking (the > > one now, as it can't do either git tag signatures nor detached > > singatures), and then one GitHubSignedTags and one > > GitHubSignedReleases? > > Hi, > > I have been recently playing with signed stuff and the Github template, and > seems that things are more diverse that I expected. So, It is unclear to me > that a separate GitHubSignedTags template is going to be as useful as > expected. > > In particular, I played with [#1120727 devscripts: watch 5 support for > github libarchive] and, apart from a code reorganization to make things > easier to me, required changes to Github template were not that drastic. > However, that did not help with #1118381 or 1118383.
Hi, Did not reach something general working for detached signatures in both maria-db and libarchive, but wrote something that can help with 'mode=git' and 'pgpmode=gittag'. I am attaching the current result of my tests as a proof of concept. Part that helps with libarchive is ugly and I think should not be used in that way, since it does not work with maria-db, but the other things may help. First there is a template reorganization with three sections. In first one some variables are defined with defaults for the general case. Second section tries to modify those defaults for some particular cases. Finally, in third section assignations are done. In second section I also set 'mode=git' if 'pgpmode=gittag' and was not previously set. I think this is reasonable. This part seems to work (only a warning "warning: refs/tags/v1.3.0 ffa336279080e519c8d9cc7894a444f3476c369f is not a commit!", apparetly harmless) Part using 'pgpmode=auto' for libarchive is anything but generat (so IMHO is not ready) but adding it in case is useful. Some discussion about this last thing. I have checked both libarchive and mariadb for detached signatures support and they are different and difficult to deal with a single set of rules. I do not know how many different layouts we may have for detached signatures. If only a few and clear enough, we could use a new template parameter (something like 'Detached-Signature-Layout') to handle one or other. Did not have time to check more packages with detached signatures. Anyway, I think that the change in structure is good (and would save having another template for signed stuff), as well as the 'mode=git' stuff. If you agree I can prepare a MR with only this part (leaving detached signatures outside). Hope this helps, -- Agustin
Github.pm
Description: Perl program
