This commit is contained in:
Git OBS Bridge
parent
307a744aa2
commit
c53bf12c98
@ -1,22 +1,22 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 13 14:54:19 UTC 2014 - meissner@suse.com
|
||||
Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com
|
||||
|
||||
- temporary readd the old SLE11 1024bit build@suse.de key
|
||||
- reverted to build SLE12 Alpha2.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 9 12:29:53 UTC 2014 - meissner@suse.com
|
||||
|
||||
- Merged over logic from openSUSE-build-key.
|
||||
- Got rid of default importing into roots keyring.
|
||||
- Removed some old keys.
|
||||
- Clarify that security@suse.de is a email only key
|
||||
- PTF key is supplied also as %doc, to not be default
|
||||
imported.
|
||||
- Keys currently inside:
|
||||
- pub 2048R/39DB7C82 SuSE Package Signing Key <build@suse.de>
|
||||
- pub 2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
|
||||
- pub 1024D/B37B98A9 SUSE PTF Signing Key <support@suse.com>
|
||||
- pub 2048R/3D25D3D9 SuSE Security Team <security@suse.de>
|
||||
- Got rid of default importing into roots keyring.
|
||||
- Removed some old keys.
|
||||
- Clarify that security@suse.de is a email only key
|
||||
- PTF key is supplied also as %doc, to not be default
|
||||
imported.
|
||||
- Keys currently inside:
|
||||
- pub 2048R/39DB7C82 SuSE Package Signing Key <build@suse.de>
|
||||
- pub 2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
|
||||
- pub 1024D/B37B98A9 SUSE PTF Signing Key <support@suse.com>
|
||||
- pub 2048R/3D25D3D9 SuSE Security Team <security@suse.de>
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 31 17:11:08 CET 2013 - ro@suse.de
|
||||
|
||||
BIN
suse-build-key.gpg
Normal file
BIN
suse-build-key.gpg
Normal file
Binary file not shown.
@ -26,16 +26,19 @@ License: GPL-2.0+
|
||||
Group: System/Packages
|
||||
Version: 12.0
|
||||
Release: 0
|
||||
Source0: suse-build-key.gpg
|
||||
Source1: dumpsigs
|
||||
|
||||
# pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
|
||||
# The main package signing key.
|
||||
Source0: gpg-pubkey-39db7c82-510a966b.asc
|
||||
Source2: gpg-pubkey-39db7c82-510a966b.asc
|
||||
# pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
|
||||
# Fallback key if main key gets lost.
|
||||
Source1: gpg-pubkey-50a3dd1c-50f35137.asc
|
||||
Source3: gpg-pubkey-50a3dd1c-50f35137.asc
|
||||
|
||||
# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
|
||||
# SLE11 build key, 1024bit.... Will not be used for SLE12, only temporary for building
|
||||
Source2: gpg-pubkey-307e3d54-4be01a65.asc
|
||||
# SLE11 build@suse.de key, 1024 bit
|
||||
Source4: gpg-pubkey-307e3d54-4be01a65.asc
|
||||
|
||||
# pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
|
||||
# SUSE supplied PTF (program temporary fixes) are signed by this key.
|
||||
@ -47,7 +50,6 @@ Source98: suse_ptf_key.asc
|
||||
# Only used for E-Mail encryption and signing to/from security@suse.de.
|
||||
Source99: security_at_suse_de.asc
|
||||
|
||||
Source100: dumpsigs
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildArch: noarch
|
||||
%define keydir %{_prefix}/lib/rpm/gnupg/keys
|
||||
@ -69,24 +71,76 @@ cp %SOURCE99 .
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
mkdir -p $RPM_BUILD_ROOT%{keydir}
|
||||
for i in %sources; do
|
||||
case "$i" in
|
||||
*/gpg-pubkey-*.asc)
|
||||
install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
|
||||
;;
|
||||
esac
|
||||
done
|
||||
install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
|
||||
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
mkdir keys
|
||||
cd keys
|
||||
$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
|
||||
cd ..
|
||||
cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
|
||||
touch $RPM_BUILD_ROOT/%{pubring}
|
||||
touch $RPM_BUILD_ROOT/%{pubring}~
|
||||
|
||||
%files
|
||||
%defattr(644,root,root)
|
||||
%doc security_at_suse_de.asc suse_ptf_key.asc
|
||||
%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
|
||||
%attr(755,root,root) %dir %{keydir}
|
||||
%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
|
||||
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
|
||||
%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
|
||||
%{keydir}/gpg-pubkey-307e3d54-4be01a65.asc
|
||||
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
|
||||
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
|
||||
/usr/lib/rpm/gnupg/keys
|
||||
%config /%{susering}
|
||||
%ghost /%{pubring}
|
||||
%ghost /%{pubring}~
|
||||
|
||||
%post
|
||||
if [ ! -f %{pubring} ]; then
|
||||
touch %{pubring}
|
||||
fi
|
||||
echo -n "importing SuSE build key to rpm keyring... "
|
||||
TF=`mktemp /tmp/gpg.XXXXXX`
|
||||
if [ -z "$TF" ]; then
|
||||
echo "suse-build-key::post: cannot make temporary file. Fatal error."
|
||||
exit 20
|
||||
fi
|
||||
if [ -z "$HOME" ]; then
|
||||
HOME=/root
|
||||
export HOME
|
||||
fi
|
||||
if [ ! -d "$HOME" ]; then
|
||||
mkdir "$HOME"
|
||||
fi
|
||||
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
|
||||
# no kidding... gpg won't initialize correctly without being called twice.
|
||||
gpg < /dev/null > /dev/null 2>&1 || true
|
||||
gpg < /dev/null > /dev/null 2>&1 || true
|
||||
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
|
||||
--keyring %{susering} --export -a > $TF
|
||||
a="$?"
|
||||
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
|
||||
--keyring %{pubring} --import < $TF
|
||||
b="$?"
|
||||
rm -f "$TF"
|
||||
if [ "$a" = 0 -a "$b" = 0 ]; then
|
||||
echo "done."
|
||||
else
|
||||
echo "importing the key from the file %{susering}"
|
||||
echo "returned an error. This should not happen. It may not be possible"
|
||||
echo "to properly verify the authenticity of rpm packages from SuSE sources."
|
||||
echo "The keyring containing the SuSE rpm package signing key can be found"
|
||||
echo "in the root directory of the first CD (DVD) of your SuSE product."
|
||||
exit -1
|
||||
fi
|
||||
### import suse package build key to roots gpg keyring
|
||||
if test -f root/.gnupg/pubring.gpg ; then
|
||||
chroot . usr/bin/gpg --export --armor --no-default-keyring \
|
||||
--keyring %{susering} build@suse.de \
|
||||
| chroot . usr/bin/gpg --import || true
|
||||
if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
|
||||
echo "gpg import for build@suse.de failed, please import manually" >&2
|
||||
fi
|
||||
else
|
||||
cp %{susering} root/.gnupg/pubring.gpg
|
||||
fi
|
||||
chmod 600 root/.gnupg/pubring.gpg
|
||||
|
||||
%changelog
|
||||
|
||||
Loading…
Reference in New Issue
Block a user