From def2e19abe6df80835a830f35d31d32e80760b03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois-Simon=20Fauteux-Chapleau?= <francois-simon.fauteux-chapleau@savoirfairelinux.com> Date: Thu, 24 Apr 2025 10:17:26 -0400 Subject: [PATCH] packaging: stop using dpkg-sig The dpkg-sig tool appears to no longer be maintained and, as far as I can tell, was never actually used by Debian or Ubuntu to verify the integrity of packages. Both distributions no longer include the dpkg-sig package in their newest releases [1, 2]. [1] https://tracker.debian.org/pkg/dpkg-sig [2] https://manpages.ubuntu.com/manpages/jammy/en/man1/dpkg-sig.1.html Change-Id: I356ff7eafb340a49622cc37899dad7ef84dbd100 --- extras/packaging/gnu-linux/scripts/deploy-packages.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/extras/packaging/gnu-linux/scripts/deploy-packages.sh b/extras/packaging/gnu-linux/scripts/deploy-packages.sh index cd825259..87c43b62 100755 --- a/extras/packaging/gnu-linux/scripts/deploy-packages.sh +++ b/extras/packaging/gnu-linux/scripts/deploy-packages.sh @@ -80,9 +80,6 @@ EOF find ./extras/packaging/gnu-linux/packages -type f -name '*.ddeb' -print0 | xargs -0 -I{} mv {} {}.deb for package in ./extras/packaging/gnu-linux/packages/${DISTRIBUTION}*/*.deb; do - echo "## signing: ${package} ##" - dpkg-sig -k ${KEYID} --sign builder ${package} - echo "## including ${package} ##" package_name=$(dpkg -I ${package} | grep -m 1 Package: | awk '{print $2}') package_arch=$(dpkg -I ${package} | grep -m 1 Architecture: | awk '{print $2}') -- GitLab