From def2e19abe6df80835a830f35d31d32e80760b03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois-Simon=20Fauteux-Chapleau?=
 <francois-simon.fauteux-chapleau@savoirfairelinux.com>
Date: Thu, 24 Apr 2025 10:17:26 -0400
Subject: [PATCH] packaging: stop using dpkg-sig

The dpkg-sig tool appears to no longer be maintained and, as far as I
can tell, was never actually used by Debian or Ubuntu to verify the
integrity of packages. Both distributions no longer include the dpkg-sig
package in their newest releases [1, 2].

[1] https://tracker.debian.org/pkg/dpkg-sig
[2] https://manpages.ubuntu.com/manpages/jammy/en/man1/dpkg-sig.1.html

Change-Id: I356ff7eafb340a49622cc37899dad7ef84dbd100
---
 extras/packaging/gnu-linux/scripts/deploy-packages.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/extras/packaging/gnu-linux/scripts/deploy-packages.sh b/extras/packaging/gnu-linux/scripts/deploy-packages.sh
index cd825259..87c43b62 100755
--- a/extras/packaging/gnu-linux/scripts/deploy-packages.sh
+++ b/extras/packaging/gnu-linux/scripts/deploy-packages.sh
@@ -80,9 +80,6 @@ EOF
     find ./extras/packaging/gnu-linux/packages -type f -name '*.ddeb' -print0 | xargs -0 -I{} mv {} {}.deb
 
     for package in ./extras/packaging/gnu-linux/packages/${DISTRIBUTION}*/*.deb; do
-        echo "## signing: ${package} ##"
-        dpkg-sig -k ${KEYID} --sign builder ${package}
-
         echo "## including ${package} ##"
         package_name=$(dpkg -I ${package} | grep -m 1 Package: | awk '{print $2}')
         package_arch=$(dpkg -I ${package} | grep -m 1 Architecture: | awk '{print $2}')
-- 
GitLab