- ExternalDebsign
ExternalDebsign task
This wait task blocks until a user provides a signature for an upload.
The task_data
for this task may contain the following keys:
unsigned
(Single lookup, required): the debian:upload artifact whose contents should be signed
The workflow_data
for this task contains needs_input: True
.
Running this task does not do anything. In order to complete it,
the user needs to execute debusine provide-signature
<work-request-id>
to download the files to sign, sign them locally
with debsign
, upload them back as part of a new
debian:upload artifact, and finally record that artifact as an
output artifact of the ExternalDebsign task. The web UI advises the user to
run this command when showing such a work request.
The containing workflow should then normally use an event reaction to add that output artifact to a suitable collection (usually the workflow’s internal collection).
The task does not verify the signature, since it doesn’t necessarily have the public key available. It remains the responsibility of whatever would normally verify the signature (e.g. an external upload queue) to do so.
Used by the package_upload workflow.