summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorJoey Hess2018-05-18 11:26:10 -0400
committerJoey Hess2018-05-18 11:26:10 -0400
commitf35f487831872bf4254b2712f2f49abbb03318e1 (patch)
tree238b2bccb1008f6d8c4c75512108c1a414b1f591 /debian
parent13beb3a02e5c59eb8c2c481f79535fb4469392d3 (diff)
use git verify-commit
Use git verify-commit to verify gpg signatures, rather than the old method of parsing git log output. These two methods should always have the same result. Note that git verify-commit allows signatures with unknown validity, the same as git log's "U" output which was accepted. So any key in the gpg keyring is allowed to sign the commit. Propellor provides gpg with a keyring containing only the allowed keys. Needs git 2.0, which is in even debian oldstable. This commit was sponsored by Ewen McNeill on Patreon.
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog2
-rw-r--r--debian/control4
2 files changed, 4 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index bf4df720..c4707e71 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ propellor (5.4.1) UNRELEASED; urgency=medium
* Modernized and simplified the MetaTypes implementation now that
compatability with ghc 7 is no longer needed.
+ * Use git verify-commit to verify gpg signatures, rather than the old
+ method of parsing git log output. Needs git 2.0.
-- Joey Hess <id@joeyh.name> Fri, 18 May 2018 10:25:05 -0400
diff --git a/debian/control b/debian/control
index 5a041c90..0a8701a0 100644
--- a/debian/control
+++ b/debian/control
@@ -3,7 +3,7 @@ Section: admin
Priority: optional
Build-Depends:
debhelper (>= 9),
- git,
+ git (>= 2.0),
ghc (>= 7.6),
cabal-install,
libghc-async-dev,
@@ -43,7 +43,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends},
libghc-stm-dev,
libghc-text-dev,
libghc-hashable-dev,
- git,
+ git (>= 2.0),
Description: property-based host configuration management in haskell
Propellor ensures that the system it's run in satisfies a list of
properties, taking action as necessary when a property is not yet met.