SLFO-pool/suse-build-key
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main suse-build-key revision 3c0251a441806243ef2bd658e94284fd

Browse Source
This commit is contained in:
Adrian Schröter 2024-08-02 15:18:28 +02:00
parent 82d9aa9b1c
commit 2ef9776db3
3 changed files with 40 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
key2rpmname Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
function keyname() {
for key in "$@"; do
while read line; do
[ "${line:0:4}" = "pub:" ] || continue
IFS=: eval set -- "\$line"
keyid="${5:8}"
printf "gpg-pubkey-%s-%08x\n" "${keyid,,}" "$6"
done < <(gpg --with-colons --import-options show-only --import 2>/dev/null < "$key")
done
}
keyname "$@"

10
suse-build-key.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Fri Jul 19 08:47:17 UTC 2024 - Marcus Meissner <meissner@suse.com>
- make the per-project inclusion optional, default off.
-------------------------------------------------------------------
Thu Jul 18 12:13:36 UTC 2024 - Marcus Meissner <meissner@suse.com>
- also include the GPG key from the current build project
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 7 10:19:49 UTC 2024 - Marcus Meissner <meissner@suse.com> Thu Mar 7 10:19:49 UTC 2024 - Marcus Meissner <meissner@suse.com>

25
suse-build-key.spec
View File

@ -14,8 +14,11 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
# needspubkeyforbuild
%bcond_with build_key_include_prjkey
Name: suse-build-key Name: suse-build-key
BuildRequires: gpg BuildRequires: gpg
Provides: build-key Provides: build-key
@ -25,6 +28,7 @@ Group: System/Packages
Version: 12.0 Version: 12.0
Release: 0 Release: 0
Source1000: key2rpmname
# pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de> # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
# The main package signing key. # The main package signing key.
Source0: gpg-pubkey-39db7c82-5f68629b.asc Source0: gpg-pubkey-39db7c82-5f68629b.asc
@ -116,6 +120,16 @@ cp %SOURCE99 .
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{keydir} mkdir -p $RPM_BUILD_ROOT%{keydir}
%if %{with build_key_include_prjkey}
if [ -e "%_sourcedir/_pubkey" ]; then
name="$(sh %{SOURCE1000} %_sourcedir/_pubkey).asc"
if [ ! -e "%_sourcedir/$name" ]; then
install -D -m 644 %_sourcedir/_pubkey %{buildroot}%keydir/"$name"
fi
fi
%endif
for i in %sources; do for i in %sources; do
case "$i" in case "$i" in
*/gpg-pubkey-*.asc|*/*ptf*.asc) */gpg-pubkey-*.asc|*/*ptf*.asc)
@ -123,6 +137,8 @@ for i in %sources; do
;; ;;
esac esac
done done
%if 0%{?suse_version} && 0%{?suse_version} < 1120 %if 0%{?suse_version} && 0%{?suse_version} < 1120
install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
%endif %endif
@ -144,14 +160,7 @@ install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container
%if 0%{?suse_version} && 0%{?suse_version} < 1120 %if 0%{?suse_version} && 0%{?suse_version} < 1120
%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs %attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
%endif %endif
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc %{keydir}/gpg-pubkey-*.asc
%{keydir}/gpg-pubkey-39db7c82-5f68629b.asc
# SLES 11 key no longer added
#{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc
%{keydir}/gpg-pubkey-09d9ea69-645b99ce.asc
%{keydir}/gpg-pubkey-3fa1d6ce-63c9481c.asc
%{keydir}/gpg-pubkey-73f03759-626bd414.asc
%{keydir}/gpg-pubkey-25db7ae0-645bae34.asc
%{keydir}/suse_ptf_4096_key.asc %{keydir}/suse_ptf_4096_key.asc
%{keydir}/suse_ptf_key.asc %{keydir}/suse_ptf_key.asc
%{containerkeydir}/suse-container-key.asc %{containerkeydir}/suse-container-key.asc