Hi Brian, On Tue, Oct 18, 2016 at 08:02:53AM +1100, Brian May wrote: > Salvatore Bonaccorso <[email protected]> writes: > > > Btw, if you have a correctly configured local MTA, then maybe you can > > just do the same as we do for DSA's: > > > > https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecFull#Sending_out_the_announcement_to_debian-security-announce > > > > write the DSA, sing the DSA clearsign'ed and then > > /usr/lib/sendmail -ti < DSA-2498-1.signed > > It looks like the referenced sign-advisory.sh doesn't work for LTS > advisories: > > $ /bin/sign-advisory.sh DLA-659-1 > tail: invalid number of lines: ‘+’ > gpg: using "0x1784577F811F6EAC" as default secret key for signing > > If I do a diff, looks like it removed the last line of my text.
Yes I realize, the same signing script will not work this way for the DLA text format. The DSA starts the text with a ------------------------------------------------------------------------- Debian Security Advisory DSA-$DSAID [email protected] https://www.debian.org/security/ $SPACEDDEBFULLNAME $SPACEDDATE https://www.debian.org/security/faq ------------------------------------------------------------------------- whereas the DLA template does not have such a heading part, so the sign-advisory.sh cannot find the number of lines belonging to the header. If you have a fixed. Something like the following should work for DLA's then: ( head -n 4 $1; tail -n +5 $1 | gpg --clearsign ) > $1.signed HTH, Regards, Salvatore
