From: Joerg Jaspert <joerg@debian.org>
Date: Thu, 9 May 2013 08:57:10 +0000 (+0200)
Subject: let generate_releases be able to use multiple keys for a signature
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f07ddcc751034ae8fb036cfec0d27162412f83ba;p=dak

let generate_releases be able to use multiple keys for a signature

without having two signature blocks, which apt / co arent really checking.
now they get them presented in one block, so they might actually do so.

only really interesting whenever we do a key rollover of the ftpmaster key,
as we dont have the stable key available. pity, or it would work there to
to make this kind of "merged" signature.
---

diff --git a/dak/generate_releases.py b/dak/generate_releases.py
index 6a1bf84e..c1cad6bd 100755
--- a/dak/generate_releases.py
+++ b/dak/generate_releases.py
@@ -95,20 +95,13 @@ def sign_release_dir(suite, dirname):
         if os.path.exists(inlinedest):
             os.unlink(inlinedest)
 
-        # We can only use one key for inline signing so use the first one in
-        # the array for consistency
-        firstkey = True
-
         for keyid in suite.signingkeys or []:
-            defkeyid = "--default-key %s" % keyid
-
-            os.system("gpg %s %s %s --detach-sign <%s >>%s" %
-                    (keyring, defkeyid, arguments, relname, dest))
+            defkeyid = "--local-user %s" % keyid
 
-            if firstkey:
-                os.system("gpg %s %s %s --clearsign <%s >>%s" %
-                        (keyring, defkeyid, arguments, relname, inlinedest))
-                firstkey = False
+        os.system("gpg %s %s %s --detach-sign <%s >>%s" %
+                  (keyring, defkeyid, arguments, relname, dest))
+        os.system("gpg %s %s %s --clearsign <%s >>%s" %
+                  (keyring, defkeyid, arguments, relname, inlinedest))
 
 class ReleaseWriter(object):
     def __init__(self, suite):