Accepting request 213750 from Base:System

- reverted to contain the fullkeyring build SLE12 Alpha.
- also list the old sle11 build@suse.de key temporary

OBS-URL: https://build.opensuse.org/request/show/213750
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/suse-build-key?expand=0&rev=32

gpg-pubkey-307e3d54-4be01a65.asc

@@ -0,0 +1,15 @@
+E3A5C360307E3D54 SuSE Package Signing Key <build@suse.de>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+mIsERCAdXQEEAL7MrBTz+3SBWpCm2ae2yaDqV3ezQcs2JlvqidJVhsZqQe9/jkxi
+KTEQW5+TXF/+BlQSiebunRI7oo3+9U8GyRCgs1sf+yRQWMLzZqRaarzRhw9w+Ihl
+edtqYl6/U2JZCb8Adp6d7RzlRliJdJ/VtsfXj2ef7Dwu7elOVSsmaBdtAAYptChT
+dVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgPGJ1aWxkQHN1c2UuZGU+iLgEEwECACIC
+GwMECwcDAgMVAgMDFgIBAh4BAheABQJL4BplBQkPRMsIAAoJEOOlw2Awfj1UhOsD
+/RkkEhOIC9NNad0F5O0rEJxvsI7Nm+6FnNJq8LjyR5+87epQCXgpaBXEGd4RcjjO
+TukLaHHrC1T/h4biIyf253VZHr4oJ46sUivNUFq60gl4gk56aTGTNeUWOsgrU4jm
+auFca3dbGcNfiJ7c7dF2CkOAR+CPMLPYTvuVIRQBAjeS
+=jKkp
+-----END PGP PUBLIC KEY BLOCK-----

suse-build-key.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com
+
+- reverted to contain the fullkeyring build SLE12 Alpha.
+- also list the old sle11 build@suse.de key temporary
+
 -------------------------------------------------------------------
 Thu Jan  9 12:29:53 UTC 2014 - meissner@suse.com
 

suse-build-key.spec

@@ -26,12 +26,19 @@ License:        GPL-2.0+
 Group:          System/Packages
 Version:        12.0
 Release:        0
+Source0:        suse-build-key.gpg
+Source1:        dumpsigs
+
 # pub  2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
 # The main package signing key.
-Source0:        gpg-pubkey-39db7c82-510a966b.asc
+Source2:        gpg-pubkey-39db7c82-510a966b.asc
 # pub  2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
 # Fallback key if main key gets lost.
-Source1:        gpg-pubkey-50a3dd1c-50f35137.asc
+Source3:        gpg-pubkey-50a3dd1c-50f35137.asc
+
+# pub  1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
+# SLE11 build@suse.de key, 1024 bit
+Source4:        gpg-pubkey-307e3d54-4be01a65.asc
 
 # pub  1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
 # SUSE supplied PTF (program temporary fixes) are signed by this key.
@@ -43,10 +50,13 @@ Source98:       suse_ptf_key.asc
 # Only used for E-Mail encryption and signing to/from security@suse.de.
 Source99:       security_at_suse_de.asc
 
-Source100:      dumpsigs
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 %define keydir  %{_prefix}/lib/rpm/gnupg/keys
+
+%define pubring  usr/lib/rpm/gnupg/pubring.gpg
+%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
+
 PreReq:         sh-utils gpg fileutils mktemp
 
 %description
@@ -65,23 +75,76 @@ cp %SOURCE99 .
 
 %install
 rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT%{keydir}
-for i in %sources; do
-    case "$i" in
-        */gpg-pubkey-*.asc)
-        install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
-        ;;
-    esac
-done
-install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
+install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+mkdir keys
+cd keys
+$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
+cd ..
+cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+
+touch $RPM_BUILD_ROOT/%{pubring}
+touch $RPM_BUILD_ROOT/%{pubring}~
 
 %files
 %defattr(644,root,root)
-%doc security_at_suse_de.asc suse_ptf_key.asc
-%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
-%attr(755,root,root) %dir %{keydir}
-%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
-%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
-%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
+%attr(755,root,root) %dir /usr/lib/rpm/gnupg
+%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
+/usr/lib/rpm/gnupg/keys
+%config /%{susering}
+%ghost /%{pubring}
+%ghost /%{pubring}~
+
+%post
+if [ ! -f %{pubring} ]; then
+    touch %{pubring}
+fi
+echo -n "importing SuSE build key to rpm keyring... "
+TF=`mktemp /tmp/gpg.XXXXXX`
+if [ -z "$TF" ]; then
+  echo "suse-build-key::post: cannot make temporary file. Fatal error."
+  exit 20
+fi
+if [ -z "$HOME" ]; then
+  HOME=/root
+  export HOME
+fi
+if [ ! -d "$HOME" ]; then
+  mkdir "$HOME"
+fi
+gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
+# no kidding... gpg won't initialize correctly without being called twice.
+gpg < /dev/null > /dev/null 2>&1 || true
+gpg < /dev/null > /dev/null 2>&1 || true
+gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
+         --keyring %{susering}    --export -a > $TF 
+a="$?"
+gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
+         --keyring %{pubring}   --import < $TF
+b="$?"
+rm -f "$TF"
+if [ "$a" = 0 -a "$b" = 0 ]; then
+    echo "done."
+else
+    echo "importing the key from the file %{susering}"
+    echo "returned an error. This should not happen. It may not be possible"
+    echo "to properly verify the authenticity of rpm packages from SuSE sources."
+    echo "The keyring containing the SuSE rpm package signing key can be found"
+    echo "in the root directory of the first CD (DVD) of your SuSE product."
+    exit -1
+fi
+### import suse package build key to roots gpg keyring
+if test -f root/.gnupg/pubring.gpg ; then
+   chroot . usr/bin/gpg --export --armor --no-default-keyring \
+                   --keyring %{susering} build@suse.de \
+        | chroot . usr/bin/gpg --import || true
+   if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
+      echo "gpg import for build@suse.de failed, please import manually" >&2
+   fi
+else
+   cp %{susering} root/.gnupg/pubring.gpg
+fi
+chmod 600 root/.gnupg/pubring.gpg
 
 %changelog