[PATCH] submit signed .buildinfo files to buildinfo.debian.net

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Oct 31 22:00:07 UTC 2016


On Mon 2016-10-31 17:43:16 -0400, Holger Levsen wrote:
> On Sat, Oct 29, 2016 at 11:28:46AM +0100, Chris Lamb wrote:
>> Updated sign-buildinfo-submissions-with-gpg-key. I didn't squash &
>> force push so that dkg's contribution is correctly attributed. :)
>
> cool!
>
>> (I *think* I'm understanding how & where update_jdn.sh is called, so
>> please check the conditional makes sense; we want the individual build
>> notes to sign the keys, not the jenkins master).
>
> thanks a lot! it just needed a small 
>
> we might use gpg signing for other purposes, so I removed that
> constraint…
>
> this is the result, seems to work nicely except one detail:
>
> gpg: directory `/var/lib/jenkins/.gnupg' created
> gpg: new configuration file `/var/lib/jenkins/.gnupg/gpg.conf' created
> gpg: WARNING: options in `/var/lib/jenkins/.gnupg/gpg.conf' are not yet
> active during this run
> gpg: keyring `/var/lib/jenkins/.gnupg/secring.gpg' created
> gpg: keyring `/var/lib/jenkins/.gnupg/pubring.gpg' created
> gpg: /var/lib/jenkins/.gnupg/trustdb.gpg: trustdb created
> wbq0: Mon Oct 31 21:38:09 UTC 2016 - Generating GPG key for jenkins
> user.
> gpg: skipping control `%no-ask-passphrase' ()
> gpg: skipping control `%no-protection' ()
> .......+++++

I see no errors here.  was there a hang or something?  If so, maybe that
machine is low on entropy?

> gpg: directory `/var/lib/jenkins/.gnupg' created
> gpg: new configuration file `/var/lib/jenkins/.gnupg/gpg.conf' created
> gpg: WARNING: options in `/var/lib/jenkins/.gnupg/gpg.conf' are not yet
> active during this run
> gpg: keyring `/var/lib/jenkins/.gnupg/secring.gpg' created
> gpg: keyring `/var/lib/jenkins/.gnupg/pubring.gpg' created
> gpg: /var/lib/jenkins/.gnupg/trustdb.gpg: trustdb created
> jtk1a: Mon Oct 31 21:37:54 UTC 2016 - Generating GPG key for jenkins
> user.
> gpg: -:4: missing argument

I'm totally confused by this one.  these are the same commands running
on each host, right?  line four of stdin in this case was (if i'm
understanding fadd6ac719be7514ee0f54a787b36df81fda17df correctly)
"hostname -a", which was silently changed from "hostname -f" in the
prior version.  i dunno why anyone cares about -a (hostname(1) suggests
that it is deprecated), but if you want to use it, and it returns the
empty string on some hosts, you can prefix the whole thing with
something like "Name-Real: r-b builder $(hostname -a)" so that it's
guaranteed to not be the empty string.


really happy to see this moving along!  thanks to lamby and holger for
pushing on it.

        --dkg
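
The failure mode discussed in this message, as an added example (not code from the thread or from the jenkins job): a shell check that finds keyword lines with an empty value in a gpg batch key-generation parameter block before it is piped to gpg, and shows that a fixed prefix on Name-Real keeps that line non-empty when the hostname lookup prints nothing. The parameter block, its line order, the e-mail address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; not the script used by the jenkins job.

# gen_params NAME_REAL: print a constructed parameter block for
# "gpg --batch --gen-key". Name-Real sits on line 4 only to mirror the
# "-:4: missing argument" message quoted in the thread.
gen_params() {
    cat <<EOF
Key-Type: RSA
Key-Length: 4096
Name-Email: jenkins@example.invalid
Name-Real: $1
Expire-Date: 0
%no-protection
%commit
EOF
}

# empty_value_lines: read a parameter block on stdin and print the numbers
# of "Keyword:" lines that carry no value (space separated, no newline).
empty_value_lines() {
    awk '/^[A-Za-z-]+:[ \t]*$/ { printf "%s%d", sep, NR; sep = " " }'
}

# checked_params NAME_REAL: print the block only if every keyword has a
# value, so a broken block never reaches gpg.
checked_params() {
    block=$(gen_params "$1")
    bad=$(printf '%s\n' "$block" | empty_value_lines)
    if [ -n "$bad" ]; then
        echo "parameter block has an empty value on line(s): $bad" >&2
        return 1
    fi
    printf '%s\n' "$block"
}

# Demo with a constructed empty host label, standing in for a host where
# the hostname lookup prints nothing.
host_label=""
checked_params "$host_label" >/dev/null || echo "bare label rejected"
checked_params "r-b builder $host_label"

# On a build node the checked block would be piped on, for example:
#   checked_params "r-b builder $(hostname -a)" | gpg --batch --gen-key
```
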