ExternalDebsign task
This wait task blocks until a user provides a signature for an upload.
The task_data for this task may contain the following keys:
unsigned(Single lookup, required): thedebian:uploadartifact whose contents should be signed
The workflow_data for this task contains needs_input: True.
Running this task does not do anything. In order to complete it,
the user needs to execute debusine provide-signature
<work-request-id> to download the files to sign, sign them locally
with debsign, upload them back as part of a new debian:upload
artifact, and finally record that artifact as an output artifact of
the ExternalDebsign task. The web UI advises the user to run this command
when showing such a work request.
The containing workflow should then normally use an event reaction to add that output artifact to a suitable collection (usually the workflow’s internal collection).
The task does not verify the signature, since it doesn’t necessarily have the public key available. It remains the responsibility of whatever would normally verify the signature (e.g. an external upload queue) to do so.
Used by the package_upload workflow.