68b29afe52
I had 5 ways forward, I picked #6 1) don't sign. That's generally only acceptable for private packages 2) Make whomever edited the changelog last create signed .deb and .dsc. This seems like a pain for whomever is developing the packages 3) Change the changelog to a uid in the signing.key. I did not like taking credit away from whomever SHOULD be in the changelog 4) Have the distributing person add the changelog email address as an additional uid in their pgp key... this sounds like bad practice to me. 5) Build the .deb package, break it apart, manually sign, and re- archive. While possible, seemed prone to failure in corner cases down the road... 6) Use -p option of pgp to point to a script removing the the --local-user option that was forcing the .deb to be signed by the last developer of the changelog, not the person generating the distributions. This seemed best... Does not handle the public key yet in Debian
17 lines
238 B
Bash
Executable File
17 lines
238 B
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
ARGS=()
|
|
while [ "$1" != "" ]; do
|
|
if [ "$1" == "--local-user" ]; then
|
|
shift
|
|
else
|
|
ARGS+=("$1")
|
|
fi
|
|
shift
|
|
done
|
|
|
|
if which gpg2 > /dev/null 2>&1; then
|
|
exec gpg2 "${ARGS[@]}"
|
|
else
|
|
exec gpg "${ARGS[@]}"
|
|
fi |