AssembleSignedSource task
This is a worker task that takes debusine:signing-output artifacts produced by Sign tasks and assembles the resulting source package.
The task_data for this task may contain the following keys:
environment(Single lookup with default categorydebian:environments, required):debian:system-tarballartifact that will be used to pack the source package using theunsharebackend.dpkg-devwill be installed there if necessary.template(Single lookup, required): a debian:binary-package artifact containing a source templatesigned(Multiple lookup, required): signeddebusine:signing-outputartifacts matching the template
The task operates as follows:
It makes a copy of the
/usr/share/code-signing/$binary_package_name/source-template/directory from the template binary package.It checks that
debian/source/formatis exactly3.0 (native)and that neitherdebian/source/optionsnordebian/source/local-optionsexists.It checks that
files.jsonuses only relative paths with no..components.For each package name and file name in the template’s
files.json, it finds the corresponding file in the signed artifacts and copies it intodebian/signatures/$package/$file.sig. For this to work, the names of the files in thedebusine:signing-inputanddebusine:signing-outputartifacts must be composed of the binary package name, followed by/, followed by the path in the correspondingfilekey infiles.json.It packs the resulting assembled source package using
dpkg-source -b, and makes a suitable.changesfile for it usingdpkg-genchanges.
The task computes dynamic metadata as:
subject: binary package name out of
template
The output will be provided as a debian:source-package artifact, with a built-using relationship to
the debian:binary-package artifacts that
were related to the input to the Sign task,
and a debian:upload artifact containing that source
package and the corresponding .changes file.