From f35f487831872bf4254b2712f2f49abbb03318e1 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 18 May 2018 11:26:10 -0400 Subject: use git verify-commit Use git verify-commit to verify gpg signatures, rather than the old method of parsing git log output. These two methods should always have the same result. Note that git verify-commit allows signatures with unknown validity, the same as git log's "U" output which was accepted. So any key in the gpg keyring is allowed to sign the commit. Propellor provides gpg with a keyring containing only the allowed keys. Needs git 2.0, which is in even debian oldstable. This commit was sponsored by Ewen McNeill on Patreon. --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'debian/control') diff --git a/debian/control b/debian/control index 5a041c90..0a8701a0 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: admin Priority: optional Build-Depends: debhelper (>= 9), - git, + git (>= 2.0), ghc (>= 7.6), cabal-install, libghc-async-dev, @@ -43,7 +43,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, libghc-stm-dev, libghc-text-dev, libghc-hashable-dev, - git, + git (>= 2.0), Description: property-based host configuration management in haskell Propellor ensures that the system it's run in satisfies a list of properties, taking action as necessary when a property is not yet met. -- cgit v1.2.3