Andrej Shadura writes ("Bug#1108267: git-debpush should allow selecting the key 
to sign with"):
> I use multiple email addresses when committing, and often commit using
> my non-Debian email address. When I run git-debpush, this will result
> in the tag being signed by a key that’s not in the keyring, resulting in
> tag2upload rejecting my upload.

I'm not sure why the committer is relevant?  Do you just mean that
your git is configured by default to use a name and email that don't
correspond to your key?  But I don't think those influence key
selection at all.

Currently, git-debpush just uses git-tag and by default allows git-tag
to choose which key to use.  I believe git-tag then just lets gnupg
decide.

I think your desired behaviour is that the git-debpush tag has
your default git committer name/email but is signed by your Debian
key?  Or do you want it to have a different name/email in the tag?

Sean Whitton writes ("Bug#1108267: git-debpush should allow selecting the key 
to sign with"):
> This is something of a minefield because there are also DEBFULLNAME
> and DEBEMAIL.

Arguably we should use those for the tagger line in the tag?

> In my ~/.devscripts I have both DEB_SIGN_KEYID and DEBSIGN_KEYID; I have
> no idea why.  Do you have references for these two variables?

Sean, you'll want to read RTFM debsign(1).  It actually explains the
behaviour (!)  See in particular its CONFIGURATION VARIABLES section,
and the description of `-mmaintainer`.

> It would be better to rely on existing env vars / config rather than
> adding new git config options.

I agree with this.

Open questions (which may overlap):

Q1. How much do we want to mimic the behaviour of debsign (which in
   turn is trying to mirror the behaviour of dpkg-source but AFAICT
   with extra env vars) ?

Q3. What is the flow of information/defaults:
  (a) Calculate the tagger line (name and email address) order.
      Then use that as the default for the key username.
  (b) Do the tagger name and email address separately from
      the key username / keyid (so name/email address env vars and
      command line options don't influence key selection) ?
  (c) Always just use the name/email from git for the tagger line,
      and only allow overriding of the -u option to git-tag.

Q4. Which env vars are we going to use?  DEBFULLNAME/DEBEMAIL are very
   commonly set and many tools use them.  DEBSIGN_KEY seems useful.
   DEBSIGN_MAINT ?

Q5. Are we going to have the d/changelog Changed-by information
   influence the tagger line and/or key selection?  debsign does.
   dgit allows the d/changelog to influence author/committer lines and
   I think also tagger lines.


Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
