Package: dpkg-sig
Version: 0.13
Severity: wishlist
Tags: patch
Dear Marc!
I know I can do this with debsign, but dpkg-sig has many advantages:
- it can hash the passphrase
- it can work on many changes file at once
So I would ask to add an option to sign only .dsc and .changes files
(if it is asked for with --sign_changes).
I added a --nosignbin option which does this. Ok not perfect, it could
warn if --nosignbin is given and not --sign_changes etc, but it works,
see attached patch.
Best wishes
Norbert
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (10, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-rc6-mm1
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages dpkg-sig depends on:
ii gnupg 1.4.2.2-1 GNU privacy guard - a free PGP rep
ii libconfigfile-perl 1.2.1 Parses simple configuration files
ii perl [libdigest-md5-perl] 5.8.8-3 Larry Wall's Practical Extraction
dpkg-sig recommends no packages.
-- no debconf information
--- dpkg-sig.orig 2006-03-14 12:24:12.000000000 +0100
+++ dpkg-sig 2006-03-14 12:22:48.000000000 +0100
@@ -52,7 +52,7 @@
%part_cache, $check_v2_sig, $check_v3_sig, $batch, $gpgoptions,
$passphrase, $remote_dpkg_sig, %ssh_connections, $sign_changes,
$get_hashes, $sign_hashes, $write_signature, $help, $DEBUG,
- $verify_pattern, $remote_ssh_port);
+ $verify_pattern, $remote_ssh_port, $nosignbin);
my @configfiles = qw(/etc/devscripts.conf ~/.devscripts);
@@ -133,8 +133,12 @@
if ($file =~ /\.deb$/) { #Yay! That's easy!
print "Processing $file...\n";
if ($sign) {
- sign_deb($sign, $file);
- print "Signed deb $file\n" if ! $batch;
+ if ($nosignbin) {
+ print "Skipping deb $file\n" if !
$batch;
+ } else {
+ sign_deb($sign, $file);
+ print "Signed deb $file\n" if ! $batch;
+ }
} elsif ($verify || $verify_role || $verify_exact) {
my @verify_output = verify_deb($file,
$verify_pattern);
print @verify_output;
@@ -173,9 +177,13 @@
print "Processing $deb...\n";
if ($sign) {
- my $r = sign_deb($sign, $deb);
- $new_debs{$r->[2]} = $r;
- print "Signed deb $deb\n" if ! $batch;
+ if ($nosignbin) {
+ print "Skipping deb $deb\n" if !
$batch;
+ } else {
+ my $r = sign_deb($sign, $deb);
+ $new_debs{$r->[2]} = $r;
+ print "Signed deb $deb\n" if !
$batch;
+ }
} elsif ($verify || $verify_role ||
$verify_exact) {
my @verify_output = verify_deb($deb,
$verify_pattern);
print @verify_output;
@@ -1832,6 +1840,7 @@
"gpg-options|g=s" => \$gpgoptions,
"remote-dpkg-sig|r=s" => \$remote_dpkg_sig,
"remote-ssh-port|o=i"
=> \$remote_ssh_port,
+ "nosignbin" =>
\$nosignbin,
);
$check_v2_sig = ($check_v2_sig && $check_v2_sig eq "false"?0:"yes");
$check_v3_sig = ($check_v3_sig && $check_v3_sig eq "false"?0:"yes");
