[opensuse-buildservice] ubuntu archives and x86_64
Hi, I think this is more a question to the build admins ;) Do you plan as well some debian/ubuntu x86_64 architecture archives? Furthermore, how are you going to deal with signing debian packages? debsign (from debians/ubuntus devscripts package) is not provided in the "deb" rpm. You could do it via the normal "gpg" tool, but for the "plain" debian package maintainer it's normal to use the debian tools. Furthermore it gives the people the right way to do deal with debian packages. I could provide a patch against the "deb" package, where I include this source form devscripts, because opensuse doesn't need all of the provided scripts in this package. What do you think? \sh -- Stephan Hermann eMail: sh@sourcecode.de Blog: http://linux.blogweb.de/ JID: sh@linux-server.org OSS-Developer and Admin --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Sat, Jun 16, 2007 at 02:38:06AM +0200, Stephan Hermann wrote:
I think this is more a question to the build admins ;)
Do you plan as well some debian/ubuntu x86_64 architecture archives?
Furthermore, how are you going to deal with signing debian packages? debsign (from debians/ubuntus devscripts package) is not provided in the "deb" rpm. You could do it via the normal "gpg" tool, but for the "plain" debian package maintainer it's normal to use the debian tools. Furthermore it gives the people the right way to do deal with debian packages.
I could provide a patch against the "deb" package, where I include this source form devscripts, because opensuse doesn't need all of the provided scripts in this package.
We're doing the signing in a bit different way, so I'll have to write my own little sign tool. Is it now settled how to sign a debian binary package? AFAIR there were two different tools available. Thanks, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hi Michael, Am Montag, den 18.06.2007, 09:56 +0200 schrieb Michael Schroeder:
On Sat, Jun 16, 2007 at 02:38:06AM +0200, Stephan Hermann wrote:
I think this is more a question to the build admins ;)
Do you plan as well some debian/ubuntu x86_64 architecture archives?
Furthermore, how are you going to deal with signing debian packages? debsign (from debians/ubuntus devscripts package) is not provided in the "deb" rpm. You could do it via the normal "gpg" tool, but for the "plain" debian package maintainer it's normal to use the debian tools. Furthermore it gives the people the right way to do deal with debian packages.
I could provide a patch against the "deb" package, where I include this source form devscripts, because opensuse doesn't need all of the provided scripts in this package.
We're doing the signing in a bit different way, so I'll have to write my own little sign tool. Is it now settled how to sign a debian binary package? AFAIR there were two different tools available.
That's why I was asking. Normally, you sign debian packages with your own key, just the Release file in the repositories are signed with the "release maintainer key" from the distro. So, we have two different ways of signing. 1. Signing the packages with the maintainers/uploaders (for sponsoring uploads) key (normally done via debsign or debuild) 2. Signing the Release file for official repositories (see e.g. http://archive.ubuntu.com/ubuntu/dists/feisty/Release and http://archive.ubuntu.com/ubuntu/dists/feisty/Release.gpg) The second signing is easy, I think it's the same for all distros, doesn't matter if it's rpm or deb. The first signing is different. I know in the spec file there is the possibility of signing the resulting packages too, but I don't know if it's handled like in debian. Regards, \sh -- Stephan Hermann eMail: sh@sourcecode.de Blog: http://linux.blogweb.de/ JID: sh@linux-server.org OSS-Developer and Admin --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Mon, Jun 18, 2007 at 10:33:58AM +0200, Stephan Hermann wrote:
1. Signing the packages with the maintainers/uploaders (for sponsoring uploads) key (normally done via debsign or debuild) 2. Signing the Release file for official repositories (see e.g. http://archive.ubuntu.com/ubuntu/dists/feisty/Release and http://archive.ubuntu.com/ubuntu/dists/feisty/Release.gpg)
Seems like we should also genreate a "Release" file in the build service, not just a "Packages" file. True? (But what would be the "Version" entry in the Release file?)
The second signing is easy, I think it's the same for all distros, doesn't matter if it's rpm or deb.
The first signing is different. I know in the spec file there is the possibility of signing the resulting packages too, but I don't know if it's handled like in debian.
Yes, there is dpkg-sig and debsign. What't the "official" tool for signing a binary package? Or is it yet undecided? Thanks, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Am Montag, den 18.06.2007, 10:51 +0200 schrieb Michael Schroeder:
On Mon, Jun 18, 2007 at 10:33:58AM +0200, Stephan Hermann wrote:
1. Signing the packages with the maintainers/uploaders (for sponsoring uploads) key (normally done via debsign or debuild) 2. Signing the Release file for official repositories (see e.g. http://archive.ubuntu.com/ubuntu/dists/feisty/Release and http://archive.ubuntu.com/ubuntu/dists/feisty/Release.gpg)
Seems like we should also genreate a "Release" file in the build service, not just a "Packages" file. True? (But what would be the "Version" entry in the Release file?)
Well, 1.0 just in case ;)
The second signing is easy, I think it's the same for all distros, doesn't matter if it's rpm or deb.
The first signing is different. I know in the spec file there is the possibility of signing the resulting packages too, but I don't know if it's handled like in debian.
Yes, there is dpkg-sig and debsign. What't the "official" tool for signing a binary package? Or is it yet undecided?
Depends on what you upload. Source uploads are done this way: You need a signed .dsc file and a signed *_source.changes file For binary only uploads you need: a signed _i386.changes file The official tool is always debsign, you can feed .dsc files, and .changes files and .command files. Regards, \sh -- Stephan Hermann eMail: sh@sourcecode.de Blog: http://linux.blogweb.de/ JID: sh@linux-server.org OSS-Developer and Admin --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (2)
-
Michael Schroeder -
Stephan Hermann