From: Joerg Jaspert Date: Thu, 9 May 2013 08:57:10 +0000 (+0200) Subject: let generate_releases be able to use multiple keys for a signature X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f07ddcc751034ae8fb036cfec0d27162412f83ba;p=dak let generate_releases be able to use multiple keys for a signature without having two signature blocks, which apt / co arent really checking. now they get them presented in one block, so they might actually do so. only really interesting whenever we do a key rollover of the ftpmaster key, as we dont have the stable key available. pity, or it would work there to to make this kind of "merged" signature. --- diff --git a/dak/generate_releases.py b/dak/generate_releases.py index 6a1bf84e..c1cad6bd 100755 --- a/dak/generate_releases.py +++ b/dak/generate_releases.py @@ -95,20 +95,13 @@ def sign_release_dir(suite, dirname): if os.path.exists(inlinedest): os.unlink(inlinedest) - # We can only use one key for inline signing so use the first one in - # the array for consistency - firstkey = True - for keyid in suite.signingkeys or []: - defkeyid = "--default-key %s" % keyid - - os.system("gpg %s %s %s --detach-sign <%s >>%s" % - (keyring, defkeyid, arguments, relname, dest)) + defkeyid = "--local-user %s" % keyid - if firstkey: - os.system("gpg %s %s %s --clearsign <%s >>%s" % - (keyring, defkeyid, arguments, relname, inlinedest)) - firstkey = False + os.system("gpg %s %s %s --detach-sign <%s >>%s" % + (keyring, defkeyid, arguments, relname, dest)) + os.system("gpg %s %s %s --clearsign <%s >>%s" % + (keyring, defkeyid, arguments, relname, inlinedest)) class ReleaseWriter(object): def __init__(self, suite):