SignRepositoryIndex

SignRepositoryIndex task

This is a signing task that signs a debian:repository-index artifact on a signing worker. It is separate from the Sign task to make it easier to add the signed indexes to the suite without needing additional helper tasks.

The task_data for this task may contain the following keys:

  • suite_collection (Single lookup, required): the suite whose indexes should be signed

  • unsigned (Single lookup, required): the debian:repository-index artifact whose contents should be signed

  • mode (required): detached or clear

  • signed_name (required): the file name to use in the output artifact

The task looks up the suite’s signing_keys field; if that is not set, it falls back to the signing_keys field of its containing archive, if any. It signs the unsigned artifact with all the signing keys corresponding to fingerprints in that list, creating a single signed output file.

The output will be provided as a debian:repository-index artifact, with relates-to relations to the unsigned artifact.