Accepting request 247206 from Base:System

- Went to new method again. - suse-build-key.gpg blob dropped - ship seperate files OBS-URL: https://build.opensuse.org/request/show/247206 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/suse-build-key?expand=0&rev=34
2014-09-03 16:23:10 +00:00 · 2014-09-03 16:23:10 +00:00 · 3e0caa582d
commit 3e0caa582d
parent 66b7f6baa2 eb50411aa2
3 changed files with 28 additions and 80 deletions
--- a/suse-build-key.changes
+++ b/suse-build-key.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Fri Aug 29 08:28:03 UTC 2014 - meissner@suse.com
 - Went to new method again.
  - suse-build-key.gpg blob dropped
  - ship seperate files
 -------------------------------------------------------------------
 Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com
--- a/suse-build-key.gpg
+++ b/suse-build-key.gpg
--- a/suse-build-key.spec
+++ b/suse-build-key.spec
@ -26,20 +26,16 @@ License:        GPL-2.0+
 Group:          System/Packages
 Version:        12.0
 Release:        0
 Source0:        suse-build-key.gpg
 Source1:        dumpsigs
 # pub  2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
 # The main package signing key.
-Source2:        gpg-pubkey-39db7c82-510a966b.asc
+Source0:        gpg-pubkey-39db7c82-510a966b.asc
 # pub  2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
 # Fallback key if main key gets lost.
-Source3:        gpg-pubkey-50a3dd1c-50f35137.asc
+Source1:        gpg-pubkey-50a3dd1c-50f35137.asc
 # pub  1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
-# SLE11 build@suse.de key, 1024 bit
+# SLES 10 key.
-Source4:        gpg-pubkey-307e3d54-4be01a65.asc
+Source2:        gpg-pubkey-307e3d54-4be01a65.asc
 # pub  1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
 # SUSE supplied PTF (program temporary fixes) are signed by this key.
 # supplied to be not imported by default
@ -50,13 +46,10 @@ Source98:       suse_ptf_key.asc
 # Only used for E-Mail encryption and signing to/from security@suse.de.
 Source99:       security_at_suse_de.asc
 Source100:      dumpsigs
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 %define keydir  %{_prefix}/lib/rpm/gnupg/keys
 %define pubring  usr/lib/rpm/gnupg/pubring.gpg
 %define susering usr/lib/rpm/gnupg/suse-build-key.gpg
 PreReq:         sh-utils gpg fileutils mktemp
 %description
@ -75,76 +68,24 @@ cp %SOURCE99 .
 %install
 rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+mkdir -p $RPM_BUILD_ROOT%{keydir}
-install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
+for i in %sources; do
-install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+    case "$i" in
-mkdir keys
+        */gpg-pubkey-*.asc)
-cd keys
+        install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
-$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
+        ;;
-cd ..
+    esac
-cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+done
-
+install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
 touch $RPM_BUILD_ROOT/%{pubring}
 touch $RPM_BUILD_ROOT/%{pubring}~
 %files
 %defattr(644,root,root)
-%attr(755,root,root) %dir /usr/lib/rpm/gnupg
+%doc security_at_suse_de.asc suse_ptf_key.asc
-%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
+%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
-/usr/lib/rpm/gnupg/keys
+%attr(755,root,root) %dir %{keydir}
-%config /%{susering}
+%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
-%ghost /%{pubring}
+%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
-%ghost /%{pubring}~
+%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
-
+%{keydir}/gpg-pubkey-307e3d54-4be01a65.asc
 %post
 if [ ! -f %{pubring} ]; then
    touch %{pubring}
 fi
 echo -n "importing SuSE build key to rpm keyring... "
 TF=`mktemp /tmp/gpg.XXXXXX`
 if [ -z "$TF" ]; then
  echo "suse-build-key::post: cannot make temporary file. Fatal error."
  exit 20
 fi
 if [ -z "$HOME" ]; then
  HOME=/root
  export HOME
 fi
 if [ ! -d "$HOME" ]; then
  mkdir "$HOME"
 fi
 gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
 # no kidding... gpg won't initialize correctly without being called twice.
 gpg < /dev/null > /dev/null 2>&1 || true
 gpg < /dev/null > /dev/null 2>&1 || true
 gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
         --keyring %{susering}    --export -a > $TF 
 a="$?"
 gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
         --keyring %{pubring}   --import < $TF
 b="$?"
 rm -f "$TF"
 if [ "$a" = 0 -a "$b" = 0 ]; then
    echo "done."
 else
    echo "importing the key from the file %{susering}"
    echo "returned an error. This should not happen. It may not be possible"
    echo "to properly verify the authenticity of rpm packages from SuSE sources."
    echo "The keyring containing the SuSE rpm package signing key can be found"
    echo "in the root directory of the first CD (DVD) of your SuSE product."
    exit -1
 fi
 ### import suse package build key to roots gpg keyring
 if test -f root/.gnupg/pubring.gpg ; then
   chroot . usr/bin/gpg --export --armor --no-default-keyring \
                   --keyring %{susering} build@suse.de \
        | chroot . usr/bin/gpg --import || true
   if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
      echo "gpg import for build@suse.de failed, please import manually" >&2
   fi
 else
   cp %{susering} root/.gnupg/pubring.gpg
 fi
 chmod 600 root/.gnupg/pubring.gpg
 %changelog