Package: devscripts
Version: 2.14.1
Severity: normal
Tags: patch

For keyring-maint work, we gpg-sign each individual commit to the repository. We were until now using a Bazaar repository, but as we are switching to Git, we can no longer specify that commit messages should be signed by default.

I usually do my keyring-maint commits via debcommit; this simple patch solves our use case (and you see here included my ~/.devscripts putting it in action).

Ah, and FWIW: I chose to leave the configuration variable as "DEBCOMMIT_SIGN_COMMITS", because its meaning is in plural (always sign the commits), but the command line switch in singular (--sign-commit), because it only applies to the current case.

-- Package-specific info:

--- /etc/devscripts.conf ---

--- ~/.devscripts ---
DEBSIGN_KEYID=C1DB921F
DEBCOMMIT_SIGN_COMMITS=yes

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages devscripts depends on:
ii  dpkg-dev  1.17.6
ii  libc6     2.18-3
ii  perl      5.18.2-2
ii  python3   3.3.4-1
pn  python3:any  <none>

Versions of packages devscripts recommends:
ii  at                          3.1.14-1
ii  curl                        7.35.0-1
ii  dctrl-tools                 2.23
pn  debian-keyring              <none>
ii  dput                        0.9.6.4
ii  equivs                      2.0.9
ii  fakeroot                    1.20-3
ii  gnupg                       1.4.16-1.1
ii  libdistro-info-perl         0.12
ii  libencode-locale-perl       1.03-1
ii  libjson-perl                2.61-1
ii  liblwp-protocol-https-perl  6.04-2
ii  libparse-debcontrol-perl    2.005-4
ii  libsoap-lite-perl           1.10-1
ii  liburi-perl                 1.60-1
ii  libwww-perl                 6.05-2
ii  lintian                     2.5.21
ii  man-db                      2.6.6-1
ii  patch                       2.7.1-4
ii  patchutils                  0.3.2-3
ii  python3-debian              0.1.21+nmu2
ii  python3-magic               1:5.17-0.1
ii  sensible-utils              0.0.9
ii  strace                      4.5.20-2.3
ii  unzip                       6.0-10
ii  wdiff                       1.2.1-2
ii  wget                        1.15-1
ii  xz-utils                    5.1.1alpha+20120614-2

Versions of packages devscripts suggests:
ii  bsd-mailx [mailx]            8.1.2-0.20131005cvs-1
ii  build-essential              11.6
ii  cvs-buildpackage             5.23
ii  devscripts-el                35.11
ii  gnuplot                      4.6.4-2
ii  gpgv                         1.4.16-1.1
ii  libauthen-sasl-perl          2.1500-1
ii  libfile-desktopentry-perl    0.07-1
ii  libnet-smtp-ssl-perl         1.01-3
ii  libterm-size-perl            0.207-1+b1
ii  libtimedate-perl             2.3000-1
ii  libyaml-syck-perl            1.27-2+b1
ii  mutt                         1.5.21-6.4
ii  openssh-client [ssh-client]  1:6.5p1-4
ii  svn-buildpackage             0.8.5
ii  w3m                          0.5.3-15

-- no debconf information

--- /usr/bin/debcommit 2014-01-25 21:17:55.000000000 -0600 +++ /tmp/debcommit 2014-03-07 12:43:33.000000000 -0600 @@ -82,6 +82,11 @@ This option is set by default and ignored if more than one line of the message begins with "[*+-] ". +=item B<--sign-commit>, B<--no-sign-commit> + +If this option is set, then the commits that debcommit creates will be +signed using gnupg. Currently this is only supported by git. + =item B<--sign-tags>, B<--no-sign-tags> If this option is set, then tags that debcommit creates will be signed @@ -116,6 +121,11 @@ If this is set to I<yes>, then it is the same as the B<--sign-tags> command line parameter being used. The default is I<no>. +=item B<DEBCOMMIT_SIGN_COMMITS> + +If this is set to I<yes>, then it is the same as the B<--sign-commit> +command line parameter being used. The default is I<no>. + =item B<DEBCOMMIT_RELEASE_USE_CHANGELOG> If this is set to I<yes>, then it is the same as the B<--release-use-changelog> @@ -204,6 +214,8 @@ -a --all Commit all files (default except for git) -s --strip-message Strip the leading '* ' from the commit message --no-strip-message Do not strip a leading '* ' (default) + --sign-commit Enable signing of the commit (git only) + --no-sign-commit Do not sign the commit (default) --sign-tags Enable signing of tags (git only) --no-sign-tags Do not sign tags (default) --changelog-info Use author and date information from the changelog @@ -240,6 +252,7 @@ my $edit=0; my $all=0; my $stripmessage=1; +my $signcommit=0; my $signtags=0; my $changelog; my $changelog_info=0; @@ -257,6 +270,7 @@ my @config_files = ('/etc/devscripts.conf', '~/.devscripts'); my %config_vars = ( 'DEBCOMMIT_STRIP_MESSAGE' => 'yes', + 'DEBCOMMIT_SIGN_COMMITS' => 'no', 'DEBCOMMIT_SIGN_TAGS' => 'no', 'DEBCOMMIT_RELEASE_USE_CHANGELOG' => 'no', 'DEBSIGN_KEYID' => '', 
@@ -278,6 +292,8 @@ # Check validity $config_vars{'DEBCOMMIT_STRIP_MESSAGE'} =~ /^(yes|no)$/ or $config_vars{'DEBCOMMIT_STRIP_MESSAGE'}='yes'; + $config_vars{'DEBCOMMIT_SIGN_COMMITS'} =~ /^(yes|no)$/ + or $config_vars{'DEBCOMMIT_SIGN_COMMITS'}='no'; $config_vars{'DEBCOMMIT_SIGN_TAGS'} =~ /^(yes|no)$/ or $config_vars{'DEBCOMMIT_SIGN_TAGS'}='no'; $config_vars{'DEBCOMMIT_RELEASE_USE_CHANGELOG'} =~ /^(yes|no)$/ @@ -292,6 +308,7 @@ chomp $modified_conf_msg; $stripmessage = $config_vars{'DEBCOMMIT_STRIP_MESSAGE'} eq 'no' ? 0 : 1; + $signcommit = $config_vars{'DEBCOMMIT_SIGN_COMMITS'} eq 'no' ? 0 : 1; $signtags = $config_vars{'DEBCOMMIT_SIGN_TAGS'} eq 'no' ? 0 : 1; $release_use_changelog = $config_vars{'DEBCOMMIT_RELEASE_USE_CHANGELOG'} eq 'no' ? 0 : 1; if (exists $config_vars{'DEBSIGN_KEYID'} && @@ -321,6 +338,7 @@ "a|all" => \$all, "c|changelog=s" => \$changelog, "s|strip-message!" => \$stripmessage, + "sign-commit!" => \$signcommit, "sign-tags!" => \$signtags, "changelog-info!" => \$changelog_info, "R|release-use-changelog!" => \$release_use_changelog, @@ -535,6 +553,11 @@ if ($changelog_info) { @extra_args = ("--author=$maintainer", "--date=$date"); } + if ($signcommit) { + my $sign = '-gpg--sign'; + $sign .= "=$keyid" if $keyid; + push(@extra_args, $sign); + } $action_rc = action($prog, "commit", "-m", $message, @extra_args, @files_to_commit); } }
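
Review bot: The POD added at @@ -82,6 +82,11 @@ says commit signing is "only supported by git", but none of the visible hunks warns when --sign-commit or DEBCOMMIT_SIGN_COMMITS=yes is in effect for another VCS. If the $signcommit block in the last hunk is only reached for git, a user of any other backend gets unsigned commits with no message while believing signing is on. Either state in the POD that the option is silently ignored elsewhere, or emit a warning when $signcommit is set and the program is not git.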
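
Review bot: In the validity check at @@ -278,6 +292,8 @@, any value that does not match /^(yes|no)$/ is silently reset to 'no', so a typo such as DEBCOMMIT_SIGN_COMMITS=Yes or =true turns signing off without notice. This mirrors the neighbouring variables, but for a signing setting the silent fallback goes in the unsafe direction. Consider warning on stderr when the value is reset, so the user learns that commits will not be signed.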
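
Review bot: In the last hunk (@@ -535,6 +553,11 @@), the string '-gpg--sign' has its dashes misplaced and is not an option that git commit accepts; the option is --gpg-sign[=<keyid>] (short form -S[<keyid>]). As written, the argument pushed onto @extra_args becomes -gpg--sign or -gpg--sign=$keyid and the commit will not be signed as intended. Change the initialiser to my $sign = '--gpg-sign'; the following line that appends "=$keyid" then produces the correct form.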