Hi Brian,

On Tue, Oct 18, 2016 at 08:02:53AM +1100, Brian May wrote:
> Salvatore Bonaccorso <car...@debian.org> writes:
> 
> > Btw, if you have a correctly configured local MTA, then maybe you can
> > just do the same as we do for DSA's:
> >
> > https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecFull#Sending_out_the_announcement_to_debian-security-announce
> >
> > write the DSA, sing the DSA clearsign'ed and then
> > /usr/lib/sendmail -ti < DSA-2498-1.signed
> 
> It looks like the referenced sign-advisory.sh doesn't work for LTS
> advisories:
> 
> $ /bin/sign-advisory.sh DLA-659-1 
> tail: invalid number of lines: ‘+’
> gpg: using "0x1784577F811F6EAC" as default secret key for signing
> 
> If I do a diff, looks like it removed the last line of my text.

Yes I realize, the same signing script will not work this way for the
DLA text format. The DSA starts the text with a

-------------------------------------------------------------------------
Debian Security Advisory DSA-$DSAID                   secur...@debian.org
https://www.debian.org/security/                 $SPACEDDEBFULLNAME
$SPACEDDATE                https://www.debian.org/security/faq
-------------------------------------------------------------------------

whereas the DLA template does not have such a heading part, so the
sign-advisory.sh cannot find the number of lines belonging to the
header.

If you have a fixed. Something like the following should work for DLA's
then:

( head -n 4 $1; tail -n +5 $1 | gpg --clearsign ) > $1.signed

HTH,

Regards,
Salvatore

Reply via email to