This is an automated email from the git hooks/post-receive script. infinity0 pushed a commit to branch pu/debsign-buildinfo in repository devscripts.
commit 4b49b79d49a8b58fd3cea896a964dc121e14d1e1 Author: Ximin Luo <infini...@debian.org> Date: Thu Feb 16 18:18:12 2017 +0100 Update documentation to describe new behaviour with buildinfo --- scripts/debsign.1 | 64 ++++++++++++++++++++++++++---------------------------- scripts/debsign.sh | 31 +++++++++++++------------- 2 files changed, 46 insertions(+), 49 deletions(-) diff --git a/scripts/debsign.1 b/scripts/debsign.1 index 58ae301..900a61c 100644 --- a/scripts/debsign.1 +++ b/scripts/debsign.1 @@ -5,17 +5,14 @@ debsign \- sign a Debian .changes and .dsc file pair using GPG \fBdebsign\fR [\fIoptions\fR] [\fIchanges-file\fR|\fIdsc-file\fR|\fIcommands-file\fR ...] .SH DESCRIPTION \fBdebsign\fR mimics the signing aspects (and bugs) of -\fBdpkg-buildpackage\fR(1). It takes either an unsigned \fI.dsc\fR -file or an unsigned \fI.changes\fR file (along with the associated -unsigned \fI.dsc\fR file found by replacing the architecture name and -\fI.changes\fR by \fI.dsc\fR if it appears in the \fI.changes\fR -file), and signs them using the GNU Privacy Guard. It is -careful to calculate the size and checksums of the newly signed -\fI.dsc\fR file and replace the original values in the \fI.changes\fR -file. +\fBdpkg-buildpackage\fR(1). It takes a \fI.dsc\fR, \fI.buildinfo\fR, or +\fI.changes\fR file and signs it, and any child \fI.dsc\fR, +\fI.buildinfo\fR, or \fI.changes\fR files directly or indirectly +referenced by it, using the GNU Privacy Guard. It is careful to +calculate the size and checksums of any newly signed child files and +replace the original values in the parent file. .PP -If a \fI.changes\fR, \fI.dsc\fR or \fI.commands\fR file is specified, -it is signed, otherwise, \fIdebian/changelog\fR is parsed to determine +If no file is specified, \fIdebian/changelog\fR is parsed to determine the name of the \fI.changes\fR file to look for in the parent directory. .PP @@ -25,25 +22,28 @@ and the name specified in the Uploader field is used for signing. .PP This utility is useful if a developer must build a package on one machine where it is unsafe to sign it; they need then only transfer -the small \fI.dsc\fR and \fI.changes\fR files to a safe machine and -then use the \fBdebsign\fR program to sign them before +the small \fI.dsc\fR, \fI.buildinfo\fR and \fI.changes\fR files to a +safe machine and then use the \fBdebsign\fR program to sign them before transferring them back. This process can be automated in two ways. -If the files to be signed live on the \fBremote\fR machine, the \fB\-r\fR -option may be used to copy them to the local machine and back again -after signing. If the files live on the \fBlocal\fR machine, then they may -be transferred to the remote machine for signing using -\fBdebrsign\fR(1). +If the files to be signed live on the \fBremote\fR machine, the +\fB\-r\fR option may be used to copy them to the local machine and back +again after signing. If the files live on the \fBlocal\fR machine, then +they may be transferred to the remote machine for signing using +\fBdebrsign\fR(1). However note that it is probably safer to have your +trusted signing machine use \fBdebsign\fR to connect to the untrusted +non-signing machine, rather than using \fBdebrsign\fR to make the +connection in the reverse direction. .PP This program can take default settings from the \fBdevscripts\fR configuration files, as described below. .SH OPTIONS .TP .B \-r \fR[\fIusername\fB@\fR]\fIremotehost\fR -The \fI.changes\fR and \fI.dsc\fR files live on the specified remote -host. In this case, a \fI.changes\fR file must be explicitly named, -with an absolute directory or one relative to the remote home +The files to be signed live on the specified remote host. In this case, +a \fI.dsc\fR, \fI.buildinfo\fR or \fI.changes\fR file must be explicitly +named, with an absolute directory or one relative to the remote home directory. \fBscp\fR will be used for the copying. The -\fR[\fIusername\fB@\fR]\fIremotehost\fB:\fIchanges\fR syntax is +\fR[\fIusername\fB@\fR]\fIremotehost\fB:\fIfilename\fR syntax is permitted as an alternative. Wildcards (\fB*\fR etc.) are allowed. .TP .B \-p\fIprogname\fR @@ -89,10 +89,9 @@ signed file is found the user is asked if he or she likes to use the current signature. .TP \fB\-\-debs\-dir\fR \fIDIR\fR -Look for the \fI.changes\fR and \fI.dsc\fR files in directory -\fIDIR\fR instead of the parent of the source directory. This should -either be an absolute path or relative to the top of the source -directory. +Look for the files to be signed in directory \fIDIR\fR instead of the +parent of the source directory. This should either be an absolute path +or relative to the top of the source directory. .TP \fB\-\-no-conf\fR, \fB\-\-noconf\fR Do not read any configuration files. This can only be used as the @@ -123,14 +122,13 @@ And this is the \fB\-k\fR option. Always re-sign files even if they are already signed, without prompting. .TP .B DEBRELEASE_DEBS_DIR -This specifies the directory in which to look for the \fI.changes\fR -and \fI.dsc\fR files, and is either an absolute path or relative to -the top of the source tree. This corresponds to the -\fB\-\-debs\-dir\fR command line option. This directive could be -used, for example, if you always use \fBpbuilder\fR or -\fBsvn-buildpackage\fR to build your packages. Note that it also -affects \fBdebrelease\fR(1) in the same way, hence the strange name of -the option. +This specifies the directory in which to look for the files to be +signed, and is either an absolute path or relative to the top of the +source tree. This corresponds to the \fB\-\-debs\-dir\fR command line +option. This directive could be used, for example, if you always use +\fBpbuilder\fR or \fBsvn-buildpackage\fR to build your packages. Note +that it also affects \fBdebrelease\fR(1) in the same way, hence the +strange name of the option. .SH "SEE ALSO" .BR debrsign (1), .BR debuild (1), diff --git a/scripts/debsign.sh b/scripts/debsign.sh index c409b50..13041b3 100755 --- a/scripts/debsign.sh +++ b/scripts/debsign.sh @@ -1,9 +1,8 @@ #!/bin/sh -# This program is designed to GPG sign a .dsc and .changes file pair -# in the form needed for a legal Debian upload. It is based in part -# on dpkg-buildpackage. It takes one argument: the name of the -# .changes file. +# This program is designed to GPG sign .dsc, .buildinfo, or .changes +# files (or any combination of these) in the form needed for a legal +# Debian upload. It is based in part on dpkg-buildpackage. # Debian GNU/Linux debsign. Copyright (C) 1999 Julian Gilbey. # Modifications to work with GPG by Joseph Carter and Julian Gilbey @@ -60,13 +59,13 @@ mkremotefilesdir () { usage () { echo \ -"Usage: debsign [options] [changes, dsc or commands file] +"Usage: debsign [options] [changes, buildinfo, dsc or commands file] Options: -r [username@]remotehost - The machine on which the changes/dsc files live. - A changes file with full pathname (or relative - to the remote home directory) must be given in - such a case + The machine on which the files live. If given, then a + changes file with full pathname (or relative to the + remote home directory) must be given as the main + argument in the rest of the command line. -k<keyid> The key to use for signing -p<sign-command> The command to use for signing -e<maintainer> Sign using key of <maintainer> (takes precedence over -m) @@ -78,16 +77,16 @@ usage () { --re-sign Re-sign if the file is already signed. --no-re-sign Don't re-sign if the file is already signed. --debs-dir <directory> - The location of the .changes / .dsc files when called from + The location of the files to be signed when called from within a source tree (default "..") --no-conf, --noconf Don't read devscripts config files; must be the first option given --help Show this message --version Show version and copyright information - If a commands or dsc or changes file is specified, it and any .dsc files in - the changes file are signed, otherwise debian/changelog is parsed to find - the changes file. + If an explicit filename is specified, it along with any child .buildinfo and + .dsc files are signed. Otherwise, debian/changelog is parsed to find the + changes file. $MODIFIED_CONF_MSG" } @@ -225,7 +224,7 @@ unsignfile() { # successful invocation of debsign? We give the user the option of # resigning the file or accepting it as is. Returns success if already # and failure if the file needs signing. Parameters: $1=filename, -# $2=file description for message (dsc or changes) +# $2=file type for message (e.g. "changes", "commands") check_already_signed () { file_is_already_signed "$1" || return 1 @@ -736,7 +735,7 @@ case $# in exit 1 fi if [ -n "$remotehost" ]; then - echo "$PROGNAME: Need to specify a .changes, .dsc or .commands file location with -r!" >&2 + echo "$PROGNAME: Need to specify a remote file location when giving -r!" >&2 exit 1 fi if [ ! -r debian/changelog ]; then @@ -818,7 +817,7 @@ case $# in commands=$1 ;; *) - echo "$PROGNAME: Only a .changes, .dsc or .commands file is allowed as argument!" >&2 + echo "$PROGNAME: Only a .changes, .buildinfo, .dsc or .commands file is allowed as argument!" >&2 exit 1 ;; esac dosigning -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git _______________________________________________ devscripts-devel mailing list devscripts-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel