On Sat, Aug 10, 2013 at 04:38:28PM +0200, Ross Gammon wrote: > I have tried signing the the changes file with debsign "debsign > foopackage.changes", but I assume this is just like the signing that > the standard dpkg-buildpackage does?
Personally, I use debsign -k <my-key-id> <changesfile> to ensure that my package is signed. Following this, you can open the changes file and the dsc file to see that they have been clearsigned. For instance, an unsigned changes file looks like this: ========== Format: 1.8 Date: Thu, 06 Jun 2013 08:07:48 -0400 Source: armadillo Binary: libarmadillo-dev libarmadillo3 Architecture: source amd64 Version: 1:3.900.2+dfsg-1 Distribution: unstable Urgency: low Maintainer: Debian Science Maintainers <[email protected]> Changed-By: Kumar Appaiah <[email protected]> Description: libarmadillo-dev - streamlined C++ linear algebra library - Headers libarmadillo3 - streamlined C++ linear algebra library Changes: armadillo (1:3.900.2+dfsg-1) unstable; urgency=low . * New upstream release Checksums-Sha1: [snip] … ========== while a signed one looks like this: ========== -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 05 Aug 2013 07:30:51 -0400 Source: armadillo Binary: libarmadillo-dev libarmadillo3 Architecture: source amd64 Version: 1:3.900.7+dfsg-1 Distribution: unstable Urgency: low Maintainer: Debian Science Maintainers <[email protected]> Changed-By: Kumar Appaiah <[email protected]> Description: libarmadillo-dev - streamlined C++ linear algebra library - Headers libarmadillo3 - streamlined C++ linear algebra library Changes: armadillo (1:3.900.7+dfsg-1) unstable; urgency=low . * New upstream release Checksums-Sha1: [snip] … -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJR/5EqAAoJEHqPSei2NIC+8IQQAJjhENzH49LzkhbRJPqWsXoS jz139BdDS86l0z9uPEbp4Y6kyXYT61FynO9Cq+PTeFFL0Im1bkJED1PlpRqqJRWw RFyDTQLEmI6alfQDX45P4A24bQr0vDsYSBR6CgA47on0IstKhUaeXgiygvGryCgA 2N2yErFwjc9rh6OsVO8rr4WeHrq3wdocSb6mCXt7e7ewlgyCXNn5yC8p9O21/mhf FS1U5VLH6yTkC/EFPrV8qGkzGBl3c3+f8mkf2H8DRiKzYcdU9THVvp4oOCtmPsdT pD3Q3HA62VIIqma533gO8h18a+2b34z5RIb4q0NFEariHztPwLzHqO/FZnoDzaZG Z8pSg6yqVDhHl/WSagWyQ9//7uWdZ1lPHtLn3qI5JEOrY2JYD6sppGgIGYsJSR4j /Zvh9e18iHFPC+HWzk/XOWlOp+iIPYDCkr1fwN1VBN8WTBEv27b76aDHgFdsXVRX HQ7eJYhOMhqEq7qu3IjJcraa4K7Y76gYdXCA3OT9Ppbw+JNzS3yIr2Ph07qtwS2m vTPNZZT2bacx1kqXUROuSWsVi6rGdIvfGDuI5mQdDmp1UnbP2u1Mvh7NdVG8x8km RNuqLXhjeTFR9TRElSDByo5sefaVYcecPYronYgt46KxLnTdio+Te+Y8EuqAXmSu DLkXuKCe/6rQEuvtNDkS =xeRH -----END PGP SIGNATURE----- ========== Not that the signature is embedded in. > Is there a way to upload to mentors without needing to sign it with a > key signed by a DM or DD? Or should I just wait until my local DD's > get back from Debconf? Just try the above. Ensure that they key used for signing is the key known the the mentors site, and things should go well. You can verify this by doing gpg --verify <changesfile> yourself, after running debsign. HTH. Kumar -- Checking host system type... i586-unknown-linux configure: error: sorry, this is the gnu os, not linux -- Topic on #Linux -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
