From f07ddcc751034ae8fb036cfec0d27162412f83ba Mon Sep 17 00:00:00 2001 From: Joerg Jaspert Date: Thu, 9 May 2013 10:57:10 +0200 Subject: [PATCH] let generate_releases be able to use multiple keys for a signature without having two signature blocks, which apt / co arent really checking. now they get them presented in one block, so they might actually do so. only really interesting whenever we do a key rollover of the ftpmaster key, as we dont have the stable key available. pity, or it would work there to to make this kind of "merged" signature. --- dak/generate_releases.py | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/dak/generate_releases.py b/dak/generate_releases.py index 6a1bf84e..c1cad6bd 100755 --- a/dak/generate_releases.py +++ b/dak/generate_releases.py @@ -95,20 +95,13 @@ def sign_release_dir(suite, dirname): if os.path.exists(inlinedest): os.unlink(inlinedest) - # We can only use one key for inline signing so use the first one in - # the array for consistency - firstkey = True - for keyid in suite.signingkeys or []: - defkeyid = "--default-key %s" % keyid - - os.system("gpg %s %s %s --detach-sign <%s >>%s" % - (keyring, defkeyid, arguments, relname, dest)) + defkeyid = "--local-user %s" % keyid - if firstkey: - os.system("gpg %s %s %s --clearsign <%s >>%s" % - (keyring, defkeyid, arguments, relname, inlinedest)) - firstkey = False + os.system("gpg %s %s %s --detach-sign <%s >>%s" % + (keyring, defkeyid, arguments, relname, dest)) + os.system("gpg %s %s %s --clearsign <%s >>%s" % + (keyring, defkeyid, arguments, relname, inlinedest)) class ReleaseWriter(object): def __init__(self, suite): -- 2.39.2