From 2c584d90418b68e85cc036b1bfddccfb1296a8fbddbcee47fb73d206b402e83a Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 3 Dec 2012 22:17:05 +0000 Subject: [PATCH 1/2] Verify GPG signature OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=63 --- iptables.changes | 5 +++++ iptables.keyring | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ iptables.spec | 17 ++++++++------- 3 files changed, 70 insertions(+), 8 deletions(-) create mode 100644 iptables.keyring diff --git a/iptables.changes b/iptables.changes index e33ce70..3f46a9e 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Nov 28 17:07:29 CET 2012 - sbrabec@suse.cz + +- Verify GPG signature + ------------------------------------------------------------------- Thu Nov 15 16:06:15 UTC 2012 - lnussel@suse.de diff --git a/iptables.keyring b/iptables.keyring new file mode 100644 index 0000000..3022f4a --- /dev/null +++ b/iptables.keyring @@ -0,0 +1,56 @@ +pub 4096R/BB5F58CC 2010-10-21 [expires: 2015-10-20] +uid Netfilter Core Team +sub 4096R/04B92F5C 2010-10-21 [expires: 2015-10-20] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.19 (GNU/Linux) + +mQINBEzAS5EBEADVlGm+KwODJcVmP33HTCbn/eP8obZbgu+3Z1CYRklF8V43vC6D +8Jfk7fjD4/gWbAKZxriOESXVAN7mp0Fho4+Ga+pxWeLIET9tVM5xbNFK1p9R3XCK +p5SrugG+tGhizTR9b/1YCMVRz/yX3aDtC7lwObas4hkr5BqhphjvlkjFE7us32by +43LPpFj2yUpp1VdOf6gxl03kAgJg08h9J7a+n9KHQeAhIpXSRFq3tXiTdXQlovsv +ckwBjO0m8P2d1Z8/UYwXQgXzuO8W8EqaUSR95nDwl7UnilnKJm2fGvNg3A6PfCSk +3KdeEBZ45SRfMTPsuC5C4T0Az75h3HFR6YSae46ymg7d4ZA/Bd5K4hvp4PdYrfCi +GXen7iK9q5XDpopWb0yCrEVJzKjBjDurvpLtAD0IFWcpB6zwM38AnxVH05J8QOx/ +VCZ4vZJxTKWbpHbdcISSMmVt00VfKorF9DsjiAcBRMBcIvDpJTP4yjvr32W09wLc +d5CIYGrLKhLNysUIJ44AQoTL9yV5aQvCb2EFnoPqCEKQm8onTAGX19PpTDjDPJFt +WyMMUDtiMp2yODuFo1qHjxvqzSVX+Ti2sGpiT1hEz97GAIlbAvmXs/bTb+U+rBnd +6027ooes3cWmBSV5kpz/sMp+nFynrLZ5NDnehPScz3W31oGgSdrGsnnhaQARAQAB +tCxOZXRmaWx0ZXIgQ29yZSBUZWFtIDxjb3JldGVhbUBuZXRmaWx0ZXIub3JnPokC +PgQTAQIAKAUCTMBLkQIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA +CgkQpBEfibtfWMzULxAAtGgYeuEqk0F9y4sz6hFJf+fXKSPPrwWTIUXs/sCxlBtS +lgf9oTvk3aT48zsMIfsDsS8yfIUjaK+eedIZW3oJ0lBtwRncZKjks8Od5J7DvEhR +Kpo3cajT1KXJh584IvXN0/BbCdPUI6EQE8n0fEUrSWANfzhuD3qYtX9UUGBq/7i8 +Cf3pGFDeYRjcwWeNZ1T+xbaCKPS5BGlOVhMtauaTBZvTJniB828bOZXd3KrXUeul +AicbzZzqU7XcNX2YKw19MTQzuGNZQ3npJUPQiHgyELTh3+YUmRkPaZaZiDNZeQvu +/j8cgSoa26Q48apjghREo0Ues4MwQwEGBbdVkEQQMuC9ASti3OyZBTOqyApc2rpE +VsW2CkqvoQ8jaP51Ua4mjerYkqEqXaVtbPelNFMJXGNXrKdf0xg5Nl/onWnT9S/s +jtR3LtjOQ0apbBiGPROtYKWSQtA55TgYNLLS1+947TvU134Px1FA8Dqi72SBl7Xc +ET4nwISO222wMJBxbY4MYB2TppMysIKXUazIyekbRkpK1woH4AR6NsuJOiVdhjEi +46MkN7tmHI9S9blA98Ih6C9hMz2YgmQEwOQ0qYgVruPdYZSP+M5o+pra9ch+STBk +FbB03L9kqcAAE8wpGSBRYU+KuyVRipnPeqoeR8niO71AiKbsfbL1skTGRafC2Q+5 +Ag0ETMBLkQEQANNv2Ymm/BVxwqb1vrLq1scoWK5kmeaRD3ndMBv9F3xwqGnE/JTn +HnVoZIzGb8MD+MCe9jfm8Y+NLU0D71NpDDqRzFZCCjcTmRMYV6QXlsg/ndnSaU1b +hG0gSq4N+qZFZ+35yiY5pYv1qZkIqWr4/vg9mk53CU620bNgNJ1+F19s/eTw1231 +pJ6K6BsDi7pj4LXGD5wHZPKAmLabFweCkGbGQo6VwWw1ieNJ0igvzkZtVXuvoeHU +mAitCaZT9AIYDl4PHryckIzjgTdhK0PP92fyHV64Yr3B7G6hWlEwq4wKk9irdgqD +20Fuqw8Cvv6k1YucWfdpNbZkUI3siQE+1HUUuRTcT8yrPcEA5ZM1/U+e8jBT3EAr +hk69G6LCfwyX2Xd/JGlBmc0Qv0t2YKqj9Io1G5lBN1q57+vK7ttiIUomwvfD2ltY +0bdcEr5LjXOk3Sb+OPIVm7+vr6hDMKdUpdm5ABZRSUb0RJ37hBT+DKYbnp0t/e3a +MXxV9m3jUq8hNdwc8vU1khr9kf+MWPonE0Vw2kqHIIb4I5W9HkMJf4Vzj9/hVPMI +ucV+2de/7zqxwa0Jh5VSD7SeKj7LznsAy9gi/AioYq4AKVTsigfyJlWpjOLeOvv7 +z4uUfLRQ5OWWfX8BBw8SoPwnWQD4cXHkrHXVwYR2yy7pEc1CstUN+uqXABEBAAGJ +AiUEGAECAA8FAkzAS5ECGwwFCQlmAYAACgkQpBEfibtfWMyLqw/6A12S4bnLYaik +ToKc13ywTUsHplbmlLOy2E/5ZMksdfuWjh9XTMR0nbXWnFULxGKTP00kA0yVpv/j +beDY/qLzY2Yb0rROCQJjuWSLYuNW40+Hmh9TGsDWt7iK3XsONVpV0sRsMOBCwV3k +2EsFXu73Fj+1JvQ+WSGluj+N7HFAqPi5OFk3IFFnIGhScUz22V6meSaOEqiXLySg +qh3lv7+XuGzoBjdy7dDm+SnbmK9lO1IqPsIm4iDwmTNJBiu1Wrz319kLYA0/Vx+o +fmxyViOX1GZShb1mGH0Aeo4jeYmDNLXapkoymC3HCIMctYDmuIw6QlgG8i1LRcFh +VKMngLjZ17dl/w8gYOdkCsGIUBzvbFBhxuJnXMnFVyDxft/lorMAimH2kbjDn6qa +H0uV8ILfFVe6gnKzanugmaSQjWzby/ARPhs6OYAXoIUv5MUVDgvTzVmTckWjVa1R +kMm3eGmDSqoMxsPmarb80nkoFQMOPhJWlyaUCt6HHRYuSkIcxY4H4Ni3Oq1s1R9/ +EqUuIfxNv7Kp0mcsE2KvANc3JfB9wXwLWqDYRCifLkCD6pbpt9L/+xQ49VzcFxNO +9DqTyk4N7cz7OZrAi+ouVrdFuiwnZyn5YSQoof6Pos58b3bkFn14m9gofwTqGzPh +R4Vot9rRu5zrWdoCM4cRThpJyrjqBMs= +=mRxL +-----END PGP PUBLIC KEY BLOCK----- diff --git a/iptables.spec b/iptables.spec index fc43238..6304b1e 100644 --- a/iptables.spec +++ b/iptables.spec @@ -47,6 +47,9 @@ BuildRequires: pkgconfig >= 0.21 %if 0%{?suse_version} BuildRequires: fdupes %endif +%if 0%{?suse_version} >= 1230 +BuildRequires: gpg-offline +%endif %if 0%{?suse_version} >= 1140 BuildRequires: pkgconfig(libnfnetlink) >= 1.0.0 %endif @@ -132,6 +135,9 @@ Link your extension (iptables plugins) with $(pkg-config xtables xtables --variable=xtlibdir). %prep +%if 0%{?gpg_verify:1} +%gpg_verify %{S:2} +%endif %if 0%{?__xz:1} %setup -q %else @@ -162,16 +168,11 @@ rm -f "%buildroot/%_libdir"/*.la; %fdupes %buildroot %endif -%post -n %lname_ipq -p /sbin/ldconfig - +%post -n %lname_ipq -p /sbin/ldconfig %postun -n %lname_ipq -p /sbin/ldconfig - -%post -n %lname_iptc -p /sbin/ldconfig - +%post -n %lname_iptc -p /sbin/ldconfig %postun -n %lname_iptc -p /sbin/ldconfig - -%post -n %lname_xt -p /sbin/ldconfig - +%post -n %lname_xt -p /sbin/ldconfig %postun -n %lname_xt -p /sbin/ldconfig %files From 1d035898fb6f69631eee77cee175d7d07be2131e15d61231d6e5afb23cc9fef0 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 10 Dec 2012 14:22:27 +0000 Subject: [PATCH 2/2] Include keyring file OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iptables?expand=0&rev=64 --- iptables.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/iptables.spec b/iptables.spec index 6304b1e..a3f979f 100644 --- a/iptables.spec +++ b/iptables.spec @@ -32,8 +32,10 @@ Url: http://netfilter.org/ #DL-URL: http://netfilter.org/projects/iptables/files/ Source: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2 Source2: http://netfilter.org/projects/iptables/files/%name-%version.tar.bz2.sig +Source3: %name.keyring Patch1: iptables-batch.patch Patch2: iptables-apply-mktemp-fix.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} BuildRequires: sgmltool