debsign is a command from devscripts that signs a Debian .changes and .dsc file pair using GPG. The command cannot be used in environments without a TTY, for example when it is invoked by CI.
I tried to use debsign via Python's subprocess module as follows, but the passphrase prompt is always shown. It was the same when using gnupg-agent and keyring:

    >>> import subprocess
    >>> import shlex
    >>> # passphrase, keyid and changes_file are placeholders for your own values
    >>> command0 = 'echo -e "%s\n%s\n"' % (passphrase, passphrase)
    >>> command1 = '/usr/bin/debsign -k %s %s' % (keyid, changes_file)
    >>> process0 = subprocess.Popen(shlex.split(command0),
    ...                             stdin=subprocess.PIPE,
    ...                             stdout=subprocess.PIPE,
    ...                             stderr=subprocess.PIPE)
    >>> process1 = subprocess.Popen(shlex.split(command1),
    ...                             stdin=process0.stdout,
    ...                             stdout=subprocess.PIPE,
    ...                             stderr=subprocess.PIPE)
    >>> stdout, stderr = process1.communicate()

So, I decided to make a Python library that does the same (has the behavior of debsign) but works as expected without a TTY.
- It can sign .changes and .dsc files with GPG without interactive passphrase input.
- It can also be used by a user that cannot log in to a shell on a CI system, such as Jenkins.
- Debian system, or a system derived from Debian:
  - Debian GNU/Linux Wheezy
  - Debian GNU/Linux Jessie/Sid
  - Ubuntu 14.04 LTS
- Debian packages as follows:
  - gnupg
  - dput
  - lintian
  - python (= python2.7) or python3
- Python packages as follows:
  - python_gnupg (the Debian package is python-gnupg or python3-gnupg)
  - python_debian (the Debian package is python-debian or python3-debian)
  - chardet (the Debian package is python-chardet or python3-chardet)
Generic usage:

    >>> from pydebsign import debsign
    >>> debsign.debsign_process('/path/to/some.changes', passphrase='secretkey')

When using another GPG keyring instead of the default GPG keyring:

    >>> from pydebsign import debsign
    >>> debsign.debsign_process('/path/to/some.changes', passphrase='secretkey',
    ...                         keyid='keyid', gnupghome='/path/to/gpghome')
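
Signing the pair is more than two GPG calls: once the .dsc is signed its size and digests change, so debsign rewrites the matching entries in .changes before signing that file as well. The sketch below shows that rewrite step only; it is an added example, not pydebsign's own code, and `refresh_checksums`, `sample_changes` and the sample data (including the stand-in signature block) are constructed for illustration.

```python
import hashlib

# Digest-carrying fields of a .changes file and the hash each one uses.
DIGEST_FIELDS = {"Files": "md5", "Checksums-Sha1": "sha1",
                 "Checksums-Sha256": "sha256"}


def refresh_checksums(changes_text, filename, data):
    """Recompute every digest and size entry for `filename` from `data`,
    the bytes of the file after it has been signed."""
    out, field = [], None
    for line in changes_text.splitlines():
        parts = line.split()
        if line and not line[0].isspace():
            # A top-level field starts; track it only if it lists digests.
            name = line.split(":", 1)[0]
            field = name if name in DIGEST_FIELDS else None
        elif field and parts and parts[-1] == filename:
            parts[0] = hashlib.new(DIGEST_FIELDS[field], data).hexdigest()
            parts[1] = str(len(data))
            line = " " + " ".join(parts)
        out.append(line)
    return "\n".join(out) + "\n"


def sample_changes(dsc, deb):
    """Build a minimal, constructed .changes body listing a .dsc and a .deb."""
    lines = ["Source: hello", "Version: 1.0-1"]
    for field, extra in (("Checksums-Sha1", ""), ("Checksums-Sha256", ""),
                         ("Files", "devel optional ")):
        lines.append(field + ":")
        for data, name in ((dsc, "hello_1.0-1.dsc"), (deb, "hello_1.0-1_all.deb")):
            digest = hashlib.new(DIGEST_FIELDS[field], data).hexdigest()
            lines.append(" %s %d %s%s" % (digest, len(data), extra, name))
    return "\n".join(lines) + "\n"


# Constructed sample: a .dsc before and after signing. The signature block
# is a stand-in, not real GPG output.
UNSIGNED = b"Format: 3.0 (quilt)\nSource: hello\nVersion: 1.0-1\n"
SIGNED = (b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n" + UNSIGNED
          + b"-----BEGIN PGP SIGNATURE-----\n\nplaceholder\n"
            b"-----END PGP SIGNATURE-----\n")
DEB = b"constructed .deb payload"
CHANGES = sample_changes(UNSIGNED, DEB)

if __name__ == "__main__":
    print(refresh_checksums(CHANGES, "hello_1.0-1.dsc", SIGNED))
```

If .changes were signed without this refresh, its entries would still describe the unsigned .dsc and would not match the file that is actually uploaded.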