- AssembleSignedSource
AssembleSignedSource task
This is a worker task that takes debusine:signing-output artifacts produced by Sign tasks and assembles the resulting source package.
The task_data
for this task may contain the following keys:
environment
(Single lookup with default category debian:environments, required): debian:system-tarball artifact that will be used to pack the source package using theunshare
backend.dpkg-dev
will be installed there if necessary.template
(Single lookup, required): a debian:binary-package artifact containing a source templatesigned
(Multiple lookup, required): signed debusine:signing-output artifacts matching the template
The task operates as follows:
It makes a copy of the
/usr/share/code-signing/$binary_package_name/source-template/
directory from the template binary package.It checks that
debian/source/format
is exactly3.0 (native)
and that neitherdebian/source/options
nordebian/source/local-options
exists.It checks that
files.json
uses only relative paths with no..
components.For each package name and file name in the template’s
files.json
, it finds the corresponding file in the signed artifacts and copies it intodebian/signatures/$package/$file.sig
. For this to work, the names of the files in the debusine:signing-input and debusine:signing-output artifacts must be composed of the binary package name, followed by/
, followed by the path in the correspondingfile
key infiles.json
.It packs the resulting assembled source package using
dpkg-source -b
, and makes a suitable.changes
file for it usingdpkg-genchanges
.
The task computes dynamic metadata as:
subject: binary package name out of
template
The output will be provided as a debian:source-package artifact,
with a built-using
relationship to the debian:binary-package
artifacts that were related to the input to the Sign task, and a debian:upload artifact
containing that source package and the corresponding .changes
file.