[SCM] gmtk/master: debian/gbp.conf: sign tags

Reinhard Tartler siretart at tauware.de
Thu Jan 5 07:00:17 UTC 2012 

On Do, Jan 05, 2012 at 02:00:48 (CET), Jonas Smedegaard wrote:

> On 12-01-04 at 09:21pm, Reinhard Tartler wrote:
>> On Mi, Jan 04, 2012 at 19:56:07 (CET), Jonas Smedegaard wrote:
>> 
>> > On 12-01-04 at 07:45pm, Reinhard Tartler wrote:
>> >> On Mi, Jan 04, 2012 at 18:50:54 (CET), sramacher-guest at users.alioth.debian.org wrote:
>> >> 
>> >> > The following commit has been merged in the master branch:
>> >> > commit c0d1407dd7f38a1e66ff7500a2fe71da972fee3d
>> >> > Author: Sebastian Ramacher <s.ramacher at gmx.at>
>> >> > Date:   Wed Jan 4 18:49:07 2012 +0100
>> >> >
>> >> >     debian/gbp.conf: sign tags
>> >> >
>> >> > diff --git a/debian/gbp.conf b/debian/gbp.conf
>> >> > index cec628c..5474c60 100644
>> >> > --- a/debian/gbp.conf
>> >> > +++ b/debian/gbp.conf
>> >> > @@ -1,2 +1,3 @@
>> >> >  [DEFAULT]
>> >> >  pristine-tar = True
>> >> > +sign-tags = True
>> >> 
>> >> Please don't. Not everyone has his GPG keys on the machine were the
>> >> package is (test) built. I use 'debsign -r' to sign package via SSH.
>> >
>> > I believe it will only _attemt_ to sign - so won't fail the build, just 
>> > fail the tagging.
>> 
>> You believe wrong, git-buildpackage signals an error when debsign fails
>> to find a gpg key. And this is very annoying
>
> ...and demolishes the built packages?  ...or preserves them just fine?

no, the packages are fine, but the exit code for genuie build failures
and a successful builds become indistinguishable with that.

>> >  You can then do "git-buildpackage --git-sign-only" on 
>> > that other host afterwards.
>> 
>> That's what I also do.
>> 
>> > There are benefits to signed tags (like the ability to override if 
>> > accidentally tagging too early), so I very much appreciate having them 
>> > signed.
>> 
>> You can also override unsigned tags, just use '--git-tag --git-retag',
>> that works for me just fine.
>
> ...and you (singular, as I suspect compiling on host without GPG is the 
> odd case) can use --git-no-sign-tags.

Well, I don't consider this an odd case at all, for me, compiling on the
host *with* GPG keys is the odd case. Building in virtual machines and
schroots allows me to install and test the built packages easily in a
debian environment, as my main machine is a ubuntu laptop.

In any case, I think explicit is better than implicit, and for the sake
of consistency, I beg you to follow the defaults of git-buildpackage and
leave that option off by default. I'd really hate it if I needed to
remember to pass this option on every pkg-multmedia package that
required this and would probably rather choose to focus on packages that
don't. If you really insist on this, you can still enable signing tags
in your personal ~/.gpb.conf (you cannot override package configuration
settings with your personal config file, only the other way round).


-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

More information about the pkg-multimedia-maintainers mailing list