Bug#862059: sbuild: please sign buildinfo files

Steven Chamberlain stevenc at debian.org
Sun May 7 22:20:14 UTC 2017

Package: sbuild
Version: 0.73.0-4
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: infrastructure


dpkg-buildpackage typically generates a .changes and .buildinfo file,
and signs both (since at least dpkg 1.18.19).

But when using sbuild, dpkg-buildpackage inside of the build chroot does
not do the signing, but rather sbuild signs the .changes file afterward.

Please could that code be updated to also sign the .buildinfo (if one
was created).

I have not tested the attached patch (yet?) but it explains the issue at
least.  Here is typical output where only the .changes file gets signed:

> ────────────────────────────────────────────────────────────────────────────────
> Finished at 20170314-2338
> Build needed 00:00:43, 5660k disc space
> Signature with key 'F2F4A5FC' requested:
>  signfile /home/buildd/build/hello_2.10-1+b1_amd64.changes F2F4A5FC
> Successfully signed changes file

The relevance/importance of this is that official Debian package builds
produce .buildinfo files now, and dak archives them, but they are not
being signed yet.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 10.1-0-amd64
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sbuild.diff
Type: text/x-diff
Size: 1570 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20170507/7fec732b/attachment.diff>

More information about the Reproducible-builds mailing list