From 8583c81b44c84c2421452014eecb632c00ee29e96bb190191445a4909328633b Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 29 Aug 2014 08:29:05 +0000 Subject: [PATCH 1/5] - Went to new method again. - suse-build-key.gpg blob dropped - ship seperate files OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=20 --- suse-build-key.changes | 7 +++ suse-build-key.spec | 99 ++++++++---------------------------------- 2 files changed, 25 insertions(+), 81 deletions(-) diff --git a/suse-build-key.changes b/suse-build-key.changes index 3e897c1..2bb2b43 100644 --- a/suse-build-key.changes +++ b/suse-build-key.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Aug 29 08:28:03 UTC 2014 - meissner@suse.com + +- Went to new method again. + - suse-build-key.gpg blob dropped + - ship seperate files + ------------------------------------------------------------------- Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com diff --git a/suse-build-key.spec b/suse-build-key.spec index a4c3e15..390405d 100644 --- a/suse-build-key.spec +++ b/suse-build-key.spec @@ -26,19 +26,12 @@ License: GPL-2.0+ Group: System/Packages Version: 12.0 Release: 0 -Source0: suse-build-key.gpg -Source1: dumpsigs - # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key # The main package signing key. -Source2: gpg-pubkey-39db7c82-510a966b.asc +Source0: gpg-pubkey-39db7c82-510a966b.asc # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) # Fallback key if main key gets lost. -Source3: gpg-pubkey-50a3dd1c-50f35137.asc - -# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key -# SLE11 build@suse.de key, 1024 bit -Source4: gpg-pubkey-307e3d54-4be01a65.asc +Source1: gpg-pubkey-50a3dd1c-50f35137.asc # pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key # SUSE supplied PTF (program temporary fixes) are signed by this key. @@ -50,13 +43,10 @@ Source98: suse_ptf_key.asc # Only used for E-Mail encryption and signing to/from security@suse.de. Source99: security_at_suse_de.asc +Source100: dumpsigs BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %define keydir %{_prefix}/lib/rpm/gnupg/keys - -%define pubring usr/lib/rpm/gnupg/pubring.gpg -%define susering usr/lib/rpm/gnupg/suse-build-key.gpg - PreReq: sh-utils gpg fileutils mktemp %description @@ -75,76 +65,23 @@ cp %SOURCE99 . %install rm -rf $RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg -install %{SOURCE0} $RPM_BUILD_ROOT/%{susering} -install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg -mkdir keys -cd keys -$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering} -cd .. -cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg - -touch $RPM_BUILD_ROOT/%{pubring} -touch $RPM_BUILD_ROOT/%{pubring}~ +mkdir -p $RPM_BUILD_ROOT%{keydir} +for i in %sources; do + case "$i" in + */gpg-pubkey-*.asc) + install -m 644 "$i" $RPM_BUILD_ROOT%{keydir} + ;; + esac +done +install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg %files %defattr(644,root,root) -%attr(755,root,root) %dir /usr/lib/rpm/gnupg -%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs -/usr/lib/rpm/gnupg/keys -%config /%{susering} -%ghost /%{pubring} -%ghost /%{pubring}~ - -%post -if [ ! -f %{pubring} ]; then - touch %{pubring} -fi -echo -n "importing SuSE build key to rpm keyring... " -TF=`mktemp /tmp/gpg.XXXXXX` -if [ -z "$TF" ]; then - echo "suse-build-key::post: cannot make temporary file. Fatal error." - exit 20 -fi -if [ -z "$HOME" ]; then - HOME=/root - export HOME -fi -if [ ! -d "$HOME" ]; then - mkdir "$HOME" -fi -gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true -# no kidding... gpg won't initialize correctly without being called twice. -gpg < /dev/null > /dev/null 2>&1 || true -gpg < /dev/null > /dev/null 2>&1 || true -gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ - --keyring %{susering} --export -a > $TF -a="$?" -gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ - --keyring %{pubring} --import < $TF -b="$?" -rm -f "$TF" -if [ "$a" = 0 -a "$b" = 0 ]; then - echo "done." -else - echo "importing the key from the file %{susering}" - echo "returned an error. This should not happen. It may not be possible" - echo "to properly verify the authenticity of rpm packages from SuSE sources." - echo "The keyring containing the SuSE rpm package signing key can be found" - echo "in the root directory of the first CD (DVD) of your SuSE product." - exit -1 -fi -### import suse package build key to roots gpg keyring -if test -f root/.gnupg/pubring.gpg ; then - chroot . usr/bin/gpg --export --armor --no-default-keyring \ - --keyring %{susering} build@suse.de \ - | chroot . usr/bin/gpg --import || true - if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then - echo "gpg import for build@suse.de failed, please import manually" >&2 - fi -else - cp %{susering} root/.gnupg/pubring.gpg -fi -chmod 600 root/.gnupg/pubring.gpg +%doc security_at_suse_de.asc suse_ptf_key.asc +%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg +%attr(755,root,root) %dir %{keydir} +%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs +%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc +%{keydir}/gpg-pubkey-39db7c82-510a966b.asc %changelog From 32395057414eb996b5297fedd44ac0b64daa50e64232ce3c5459dfcf2a5ea88f Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 29 Aug 2014 08:30:52 +0000 Subject: [PATCH 2/5] OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=21 --- gpg-pubkey-307e3d54-4be01a65.asc | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 gpg-pubkey-307e3d54-4be01a65.asc diff --git a/gpg-pubkey-307e3d54-4be01a65.asc b/gpg-pubkey-307e3d54-4be01a65.asc deleted file mode 100644 index 9c852d7..0000000 --- a/gpg-pubkey-307e3d54-4be01a65.asc +++ /dev/null @@ -1,15 +0,0 @@ -E3A5C360307E3D54 SuSE Package Signing Key - ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.19 (GNU/Linux) - -mIsERCAdXQEEAL7MrBTz+3SBWpCm2ae2yaDqV3ezQcs2JlvqidJVhsZqQe9/jkxi -KTEQW5+TXF/+BlQSiebunRI7oo3+9U8GyRCgs1sf+yRQWMLzZqRaarzRhw9w+Ihl -edtqYl6/U2JZCb8Adp6d7RzlRliJdJ/VtsfXj2ef7Dwu7elOVSsmaBdtAAYptChT -dVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgPGJ1aWxkQHN1c2UuZGU+iLgEEwECACIC -GwMECwcDAgMVAgMDFgIBAh4BAheABQJL4BplBQkPRMsIAAoJEOOlw2Awfj1UhOsD -/RkkEhOIC9NNad0F5O0rEJxvsI7Nm+6FnNJq8LjyR5+87epQCXgpaBXEGd4RcjjO -TukLaHHrC1T/h4biIyf253VZHr4oJ46sUivNUFq60gl4gk56aTGTNeUWOsgrU4jm -auFca3dbGcNfiJ7c7dF2CkOAR+CPMLPYTvuVIRQBAjeS -=jKkp ------END PGP PUBLIC KEY BLOCK----- From 5943f5704b78d527b403f26cab79a818cf04061d2e46dbd081474048001937a7 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 29 Aug 2014 08:32:09 +0000 Subject: [PATCH 3/5] OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=22 --- gpg-pubkey-307e3d54-4be01a65.asc | 15 +++++++++++++++ suse-build-key.spec | 3 +++ 2 files changed, 18 insertions(+) create mode 100644 gpg-pubkey-307e3d54-4be01a65.asc diff --git a/gpg-pubkey-307e3d54-4be01a65.asc b/gpg-pubkey-307e3d54-4be01a65.asc new file mode 100644 index 0000000..9c852d7 --- /dev/null +++ b/gpg-pubkey-307e3d54-4be01a65.asc @@ -0,0 +1,15 @@ +E3A5C360307E3D54 SuSE Package Signing Key + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.19 (GNU/Linux) + +mIsERCAdXQEEAL7MrBTz+3SBWpCm2ae2yaDqV3ezQcs2JlvqidJVhsZqQe9/jkxi +KTEQW5+TXF/+BlQSiebunRI7oo3+9U8GyRCgs1sf+yRQWMLzZqRaarzRhw9w+Ihl +edtqYl6/U2JZCb8Adp6d7RzlRliJdJ/VtsfXj2ef7Dwu7elOVSsmaBdtAAYptChT +dVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgPGJ1aWxkQHN1c2UuZGU+iLgEEwECACIC +GwMECwcDAgMVAgMDFgIBAh4BAheABQJL4BplBQkPRMsIAAoJEOOlw2Awfj1UhOsD +/RkkEhOIC9NNad0F5O0rEJxvsI7Nm+6FnNJq8LjyR5+87epQCXgpaBXEGd4RcjjO +TukLaHHrC1T/h4biIyf253VZHr4oJ46sUivNUFq60gl4gk56aTGTNeUWOsgrU4jm +auFca3dbGcNfiJ7c7dF2CkOAR+CPMLPYTvuVIRQBAjeS +=jKkp +-----END PGP PUBLIC KEY BLOCK----- diff --git a/suse-build-key.spec b/suse-build-key.spec index 390405d..4e19afd 100644 --- a/suse-build-key.spec +++ b/suse-build-key.spec @@ -33,6 +33,9 @@ Source0: gpg-pubkey-39db7c82-510a966b.asc # Fallback key if main key gets lost. Source1: gpg-pubkey-50a3dd1c-50f35137.asc +# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key +# SLES 10 key. +Source2: gpg-pubkey-307e3d54-4be01a65.asc # pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key # SUSE supplied PTF (program temporary fixes) are signed by this key. # supplied to be not imported by default From 9984bb2da57d96b5a7738c0a90f5aefef67ff24b2b4b09af1a949d83c4ee3738 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 29 Aug 2014 08:32:52 +0000 Subject: [PATCH 4/5] OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=23 --- suse-build-key.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/suse-build-key.spec b/suse-build-key.spec index 4e19afd..5f9f282 100644 --- a/suse-build-key.spec +++ b/suse-build-key.spec @@ -86,5 +86,6 @@ install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg %attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs %{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc %{keydir}/gpg-pubkey-39db7c82-510a966b.asc +%{keydir}/gpg-pubkey-307e3d54-4be01a65.asc %changelog From eb50411aa2b1681808bd8c591b8bbde78bf8406c15f32cdc5588ce76b5e9f626 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 1 Sep 2014 13:50:52 +0000 Subject: [PATCH 5/5] OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=24 --- suse-build-key.gpg | Bin 4945 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 suse-build-key.gpg diff --git a/suse-build-key.gpg b/suse-build-key.gpg deleted file mode 100644 index d152795a49cd4726b6ffa9bae94ecd17df98b8add1bba7612e1b9b8446567590..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4945 zcmb7|WmJ`Iw}p4IN$J{vbazOJl%#ZbcO$jwPD!O334txrf`l|mH;8lyf=Ea=2j1^H z-+9j&k)on70zv?7Llp!^R~{kyN$&UuT z-@bJ`3fuKO+RA6%-rTrd!(0!o9pIIhyGym}W$T!GIt!*{?pq;z=r z(HN6Tc8ky-yR0}lF4YOc*?SQ=6ZQw64rTLOcYmp(c{AG*_K+^&x(SXbZ)4cL+`-Vi zi;7&MWjy`qsrR^zi7}xk@!hp2fBsyMD|0T3kcrWynQX9BUn{HyE`004*zD4;V$)TdfX7&hB1_bF1c z3lK{Rz8KnkI|{cgbci^2(A`$&Co;Efe77YMvNk^d&qygI}VPN*q@+Rq%(Q<|^2Yy=@c&(Gir@43SgSs`eK0YYt5L~HSHDe{o6aE9}r zKryuIW&#W+hzIo)GO+4=)al0B6k{V^_AATIeAu8DPB`yfPGsr!MMKj~vAl`+ZjKbZ zl}+Dd#w10o20c!%M7S!l?yUE0bWzN8Igc)PziUji(xtRV;n4T4$hIXx9B0|*Q;^{! zs7>I@EY6CO*;Mb>=fqdpwszKu?bVp8h}uoSGy2Kz04Q!f{aTfxAS%-^&(I^XoAU3cU68iie`IvF)@U8^Fd^T3}9AG>QZX30Xx<8Gi`}vRml;JyL*wX#@FpU4cL+LD(&`Zou-)G2;?P z`vr4Yoa0oBSsJ`DqGo| zOyFb;da2WZ%I0SnUVP%&zk)6`m>~#SYk3k4pkKTZIqi{wmVOa2ubSnfr8xFvKX!7u z!QLHyrYu`D)qVYV3e#X#C5h;<(GVHBfPG>=&B!U>eAsCk5o@@+C}D(C*fuW z(*Scp0%0kymbas-ZrtUrZa;-#N{Ugv@AJAf>D166OZU!(8e}G-qH0!=#Z0gj!bQ;n zOI&t)FEN6SDa?=welFy%&-632Kq}f}g!#7uMZyPL&KER2MqcO-?G`Nq!NCOqP@tfv zkIlLt3?WZ^9S4B^zF1ikP>_H#bmta#No`S=LR^dRF3=dsZ35)+qd2G|d|k3Ljk2N{ zb&Vz~;en)o=?qA{XHcN=X%|tF!0pKO8$uuucmck98Mz^cmS{o{5%YEiwoaqEAOb`3 zLTc+Jx^ccoVeD*JVQ)`Z-qfF`HRPVZO7PA`zjdq|J~R&bVXpMLri!viG-Gf4;L~}I z+hr*g=fW}Tk!LL%0&Y^v&Z2v^Z*o4!lllwkzU~nzRf%cWwKZ3#cQa|6*yJk0>WiQl5@@-O! zE^ZfcUrAdgL?&U@x^vf`c0Qby2`q#N?Hz~ULIBBs;xDco_E$PnS!jB=wgX6~lD9gF z&DaldN-MpmbFRdWSPEHn9Y_QJq~h{5DB_66gRfv?9i=Ye!d5+QKDoD3e?|}SuNK>qeN&9s zGxP@x35m}u_tqG9tTj0k@1F36VkJ!P_!g`&%-x)j3HN@$dzlrjyeYXtUqfFdGvF$P z9TYaVsC9EkKha;&^a?6y+~<-g_gcW95r7}5ZTF{!8mHQrv}lo!ks%pW9Jw^`meOgcr1sO$rYGno_z zqI}ODho7dBWYF4aNQa+)`YPK3m0WBCmx10Dv0wdA!|m{4rMDl=5neyCL zPB8j_$qPXKi#~QwL&4BAGNfRB(j@KR51V#7K%N+mgO&}UE$Wx|v6IPQx@a+J&8~-5 zYXV_CVDknC6%hVHNu3~y z%+*B^YDnA@BIK$rp5OYSIf!Tcbba2_+#!GEX=6WL(rLtE{$(;^qAKuA&#|033k+z9h zx_32QIZyksLgrwFS6{37_WWnF2!OGST^WgF!fc9hiY)=7Y0A(~rw$%;70G$@>^ZUS z>D&+>Dt!{Vh}VzHr5dwyl>FFjIQGqXETlDQDAqbSJMa~@`II@k(nG^)2w{V5|(R8kBUi5>@a_+W<43aD5g|~Q+HYR zCbm3n*AMl{yl=KKPK0ZTW5u>T96#E=m$$BFBv4=q%uGn^wSCVP5t@GpumqMGwPhlT zcd0UE$dLA`%Q!vex{|((=?ckoZ~Jj(`c8YJB);L-4@1w3r1*Et>e49fQC zPU|-n+Vsp$v?7G$o;%Ekjg0j3Uxcy#ov<&D0eL)peywR4W6^k*r%KcO?PgA3hEYJi zTP;x84`q1-XF4qZRGmOR1b*88K-hyZNrqw*-y2h_p}5$W5J%$DXX2iGwpjfTI?zIf zo!3pE1-~*m{~Ha#r0;L8zu7x&hEeUk<%`WYz7oN>lbVW+X#I%1-mWt3#XZu86f3ix zQ(ABuu{B9H?R{I_;-Vtrl02_7H>odi9)GFUB+AI=X?`TB*Gs-hYzE}Ga^Djkrw|*y zOA;go6rBHg(n%4IG3xwv!{kf2zXl)2Iuv|oEm5oP#vUSEnF=*UJeK>gBCIh%qguMK zNw3K-0779a54i|_9@Ps&zQQO@-Z2TH?yJh77#75@IE&r8OMVBHZ6a{)uHHC}{wT&m zbbUQ6%B!C00b+kaZgIwrF1&Q%Xc6-pELxtS72Zm{8)n(l%NWPMXI&S-qZ`t_k>$t& zz6298qt3*OL)!w=3KW>Mw`p!`e@U8lHql|3$eW@)E0s#xdXuW zh)CV}_mOlwQxjIwht;NyH?kJl>IS$bDrMVQCLjZd4p`dpo>$<>Tbf_ynpMsS%MrxC z$J#Uq{q((Vsk6L~c|7OTbocvD9M+T$`L0XN3hd7m7_6_;8NQGvI0ZG`Qs~0A22-vR zin8O{EA6k0q)O4Wnkyr6Fuh?3NZL764f?W z>DZ$h*xva?4N!nwV}*oK_WqVS#w$%k2p#yS3ak91FR>u1M`{B1iDqmm-!Mx1^>&9n z=X#6kWZRI225o8$`z^aKH1Tk!hBaGW89LG+bf9k)ZO=5a!`RiJ>U@ZEYMt-Mz1?jQ zU(1`nM-`9zZs^xY1s7`;V;*5ErTvXpw9>(7DsRoNg5{I#0T zvn(oN!3}s#qrbeeA)^U-G&9jvh4s|AOKj;|KDa=CO0d0 zD>pAIDhDec=Kq>(V}K%mMOy|a=t0i=fD1)~g^vJGFwju%gD!*+gbIcbfx!Qax(`J& zu9A{cEm|b6+J@bb1LyU!c6&H&^kmy$kCfM+D$gNz9`Aipdu~WWky-ts`#@rxl0Y*_W_v*efBmX>#@p*@28%=|$UDXH#T$jijS>jFTdq1QL_nmKnc?%?d0 z2-PpKkC|RSOmUr3_1&2G^UANeX!o5VnTJPeitbQcgVpk%fjGBf_BA$f*H`OXwI+p8mcar;^Y@4w;^4_(L`J~ zALRF0g|z!$D5{~SIozW-Uy^3vMAc-?8P!7(=kA*6p-#~hgp3!QpmctZh-5i3JaUPwJ(r!C2FkJ3Vl&xYB zbcAH{ejW|@g!RFD`5!3$pPyC!2H%5#{}=dNtMWpG=KVusB2fV!7tWi<5)ux~Jr)R9 zGYxAQsuwzPUcSeIWrSb_`F68?!AJS&%ARM@lmUeQ5p6Mgq;+M~E?-Koc5Hwm*H r!;&AV^c$HJC%ia>X?ci(9$lCzbr&&?&iV||aMEtLzkaUt;Di4Lr*X2^