From: Ansgar Burchardt <ansgar@debian.org>
Date: Sat, 12 Oct 2013 12:00:32 +0000 (+0200)
Subject: Use SHA256 for signatures.
X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=3dab2300bfa48b358a5e217c170f072cf166654b;p=dak.git

Use SHA256 for signatures.

As dak passes --no-options to gpg, setting preferences in gpg.conf does
not help.

Bug: http://bugs.debian.org/612657
---

diff --git a/dak/generate_releases.py b/dak/generate_releases.py
index a86c33ce..e483e6c2 100755
--- a/dak/generate_releases.py
+++ b/dak/generate_releases.py
@@ -83,7 +83,7 @@ def sign_release_dir(suite, dirname):
         if cnf.has_key("Dinstall::SigningPubKeyring"):
             keyring += " --keyring \"%s\"" % cnf["Dinstall::SigningPubKeyring"]
 
-        arguments = "--no-options --batch --no-tty --armour"
+        arguments = "--no-options --batch --no-tty --armour --personal-digest-preferences=SHA256"
 
         relname = os.path.join(dirname, 'Release')