diff --git a/.gitattributes b/.gitattributes index 9b03811..3bea813 100644 --- a/.gitattributes +++ b/.gitattributes @@ -21,3 +21,5 @@ *.xz filter=lfs diff=lfs merge=lfs -text *.zip filter=lfs diff=lfs merge=lfs -text *.zst filter=lfs diff=lfs merge=lfs -text +## Specific LFS patterns +openSUSE-build-key.gpg filter=lfs diff=lfs merge=lfs -text diff --git a/openSUSE-build-key.changes b/openSUSE-build-key.changes new file mode 100644 index 0000000..d3d2f02 --- /dev/null +++ b/openSUSE-build-key.changes @@ -0,0 +1,142 @@ +------------------------------------------------------------------- +Thu Sep 18 10:44:04 CEST 2008 - adrian@suse.de + +- Branch package from suse-build-key and create it as openSUSE-build-key +- Add openSUSE:Factory key as official distribution key + +------------------------------------------------------------------- +Mon Jun 2 15:45:33 CEST 2008 - ro@suse.de + +- update keys again: for collaboration with rpm, the current + self-signature needs to be the first signature found in a key + +------------------------------------------------------------------- +Mon May 5 18:31:20 CEST 2008 - ro@suse.de + +- updated keys + 9C800ACA,8495160C,307E3D54: extend expiration by 2 years + until 2010-05-05 + 7E2E3B05: extend expiration by 2 years until 2010-05-24 + +------------------------------------------------------------------- +Mon Mar 19 16:49:05 CET 2007 - rguenther@suse.de + +- merge suse-build-key keyring to roots gpg pubring + +------------------------------------------------------------------- +Mon May 29 17:20:45 CEST 2006 - ro@suse.de + +- added new official provo dsa autobuild key ID 7E2E3B05 + +------------------------------------------------------------------- +Fri May 19 14:02:59 CEST 2006 - ro@suse.de + +- removed unused provo autobuild key +- added new official provo autobuild key ID A1912208 + +------------------------------------------------------------------- +Thu Apr 20 12:47:18 CEST 2006 - ro@suse.de + +- add dumpsigs script here to have _one_ place for the script + +------------------------------------------------------------------- +Fri Mar 31 16:53:02 CEST 2006 - ro@suse.de + +- added build@suse.de rsa key ID 307E3D54 + +------------------------------------------------------------------- +Wed Jan 25 21:47:54 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Tue Oct 18 17:47:07 CEST 2005 - ro@suse.de + +- use correct provo autobuild key + +------------------------------------------------------------------- +Tue Oct 18 12:28:04 CEST 2005 - ro@suse.de + +- added provo autobuild signing key (#128128) +- removed jds key + +------------------------------------------------------------------- +Fri May 27 14:47:30 CEST 2005 - mls@suse.de + +- added mktemp to PreReqs [#86177] + +------------------------------------------------------------------- +Thu Apr 28 11:45:36 CEST 2005 - ro@suse.de + +- added JDS public key (15c17deb) + +------------------------------------------------------------------- +Tue Jan 25 18:10:26 CET 2005 - ro@suse.de + +- added OES public key (0dfb3188) + +------------------------------------------------------------------- +Tue Jun 22 12:28:07 CEST 2004 - ro@suse.de + +- updated build key (expiration changed to 2008-06-21) (#42326) + +------------------------------------------------------------------- +Tue Feb 24 12:19:49 CET 2004 - hmacht@suse.de + +- building as non-root + +------------------------------------------------------------------- +Tue Sep 9 18:51:02 CEST 2003 - ro@suse.de + +- ignore return code from first gpg calls + +------------------------------------------------------------------- +Tue Sep 9 18:23:07 MEST 2003 - draht@suse.de + +- call gpg twice without any arguments for proper initialization + inside postinstall + +------------------------------------------------------------------- +Tue Sep 9 17:43:55 MEST 2003 - draht@suse.de + +- use temp file instead of pipe due to resource race between two + instances of gpg in %post. + +------------------------------------------------------------------- +Thu Sep 5 04:56:32 CEST 2002 - draht@suse.de + +- package now installs key from package-owned file into the rpm + pubring in %post to allow other key packages to add their keys. + +------------------------------------------------------------------- +Tue Aug 20 10:46:52 CEST 2002 - mmj@suse.de + +- Correct PreReq + +------------------------------------------------------------------- +Fri Jul 26 09:50:14 CEST 2002 - kukuk@suse.de + +- Change Provides from suse-build-key to build-key + +------------------------------------------------------------------- +Thu Feb 21 00:10:52 MET 2002 - draht@suse.de + +- directory permission problem: 644 -> 755. + +------------------------------------------------------------------- +Mon Feb 18 12:16:34 CET 2002 - ro@suse.de + +- moved to /usr/lib/rpm/gnupg/pubring.pgp + rpm needs a directory as gpg_path and will use pubring.gpg + in that directory + +------------------------------------------------------------------- +Wed Feb 13 20:45:46 MET 2002 - draht@suse.de + +- initial package. Contains + - pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team + + - pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key + - sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12] + + diff --git a/openSUSE-build-key.gpg b/openSUSE-build-key.gpg new file mode 100644 index 0000000..9fe95aa --- /dev/null +++ b/openSUSE-build-key.gpg @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b831e5ca64b65e83c06d7ec87cc8c224eb8af166f30a0adbc6c4ce682d735422 +size 6277 diff --git a/openSUSE-build-key.spec b/openSUSE-build-key.spec new file mode 100644 index 0000000..683aa8e --- /dev/null +++ b/openSUSE-build-key.spec @@ -0,0 +1,179 @@ +# +# spec file for package suse-build-key (Version 1.0) +# +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + + +Name: openSUSE-build-key +BuildRequires: gpg +License: GPL v2 or later +Group: System/Packages +Provides: build-key +Conflicts: suse-build-key +Requires: gpg +AutoReqProv: off +Summary: The public gpg key for rpm package signature verification +Version: 1.0 +Release: 852 +Source0: openSUSE-build-key.gpg +Source1: dumpsigs +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildArch: noarch +%define pubring usr/lib/rpm/gnupg/pubring.gpg +%define susering usr/lib/rpm/gnupg/suse-build-key.gpg +PreReq: sh-utils gpg fileutils mktemp + +%description +This package contains the gpg key that is used to sign official SuSE +rpm packages. It will be installed as a keyring in +/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their +own keys to verify against should use the following commandline command +to add the key to the keyring as used by RPM: + +gpg --no-options --no-default-keyring \ --keyring +/usr/lib/rpm/gnupg/pubring.gpg --import + + + +%prep +rm -f foobarnosuchfileordirectory +#%setup + +%build + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg +install %{SOURCE0} $RPM_BUILD_ROOT/%{susering} +install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg +touch $RPM_BUILD_ROOT/%{pubring} +touch $RPM_BUILD_ROOT/%{pubring}~ + +%files +%defattr(644,root,root) +%attr(755,root,root) %dir /usr/lib/rpm/gnupg +%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs +%config /%{susering} +%ghost /%{pubring} +%ghost /%{pubring}~ + +%post +if [ ! -f %{pubring} ]; then + touch %{pubring} +fi +echo -n "importing SuSE build key to rpm keyring... " +TF=`mktemp /tmp/gpg.XXXXXX` +if [ -z "$TF" ]; then + echo "suse-build-key::post: cannot make temporary file. Fatal error." + exit 20 +fi +if [ -z "$HOME" ]; then + HOME=/root +fi +if [ ! -d "$HOME" ]; then + mkdir "$HOME" +fi +gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true +# no kidding... gpg won't initialize correctly without being called twice. +gpg < /dev/null > /dev/null 2>&1 || true +gpg < /dev/null > /dev/null 2>&1 || true +gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ + --keyring %{susering} --export -a > $TF +a="$?" +gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ + --keyring %{pubring} --import < $TF +b="$?" +rm -f "$TF" +if [ "$a" = 0 -a "$b" = 0 ]; then + echo "done." +else + echo "importing the key from the file %{susering}" + echo "returned an error. This should not happen. It may not be possible" + echo "to properly verify the authenticity of rpm packages from SuSE sources." + echo "The keyring containing the SuSE rpm package signing key can be found" + echo "in the root directory of the first CD (DVD) of your SuSE product." + exit -1 +fi +### import suse package build key to roots gpg keyring +if test -f root/.gnupg/pubring.gpg ; then + chroot . usr/bin/gpg --export --armor --no-default-keyring \ + --keyring %{susering} build@suse.de \ + | chroot . usr/bin/gpg --import || true + if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then + echo "gpg import for build@suse.de failed, please import manually" >&2 + fi +else + cp %{susering} root/.gnupg/pubring.gpg +fi +chmod 600 root/.gnupg/pubring.gpg + +%changelog +* Mon Jun 02 2008 ro@suse.de +- update keys again: for collaboration with rpm, the current + self-signature needs to be the first signature found in a key +* Mon May 05 2008 ro@suse.de +- updated keys + 9C800ACA,8495160C,307E3D54: extend expiration by 2 years + until 2010-05-05 + 7E2E3B05: extend expiration by 2 years until 2010-05-24 +* Mon Mar 19 2007 rguenther@suse.de +- merge suse-build-key keyring to roots gpg pubring +* Mon May 29 2006 ro@suse.de +- added new official provo dsa autobuild key ID 7E2E3B05 +* Fri May 19 2006 ro@suse.de +- removed unused provo autobuild key +- added new official provo autobuild key ID A1912208 +* Thu Apr 20 2006 ro@suse.de +- add dumpsigs script here to have _one_ place for the script +* Fri Mar 31 2006 ro@suse.de +- added build@suse.de rsa key ID 307E3D54 +* Wed Jan 25 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Tue Oct 18 2005 ro@suse.de +- use correct provo autobuild key +* Tue Oct 18 2005 ro@suse.de +- added provo autobuild signing key (#128128) +- removed jds key +* Fri May 27 2005 mls@suse.de +- added mktemp to PreReqs [#86177] +* Thu Apr 28 2005 ro@suse.de +- added JDS public key (15c17deb) +* Tue Jan 25 2005 ro@suse.de +- added OES public key (0dfb3188) +* Tue Jun 22 2004 ro@suse.de +- updated build key (expiration changed to 2008-06-21) (#42326) +* Tue Feb 24 2004 hmacht@suse.de +- building as non-root +* Tue Sep 09 2003 ro@suse.de +- ignore return code from first gpg calls +* Tue Sep 09 2003 draht@suse.de +- call gpg twice without any arguments for proper initialization + inside postinstall +* Tue Sep 09 2003 draht@suse.de +- use temp file instead of pipe due to resource race between two + instances of gpg in %%post. +* Thu Sep 05 2002 draht@suse.de +- package now installs key from package-owned file into the rpm + pubring in %%post to allow other key packages to add their keys. +* Tue Aug 20 2002 mmj@suse.de +- Correct PreReq +* Fri Jul 26 2002 kukuk@suse.de +- Change Provides from suse-build-key to build-key +* Thu Feb 21 2002 draht@suse.de +- directory permission problem: 644 -> 755. +* Mon Feb 18 2002 ro@suse.de +- moved to /usr/lib/rpm/gnupg/pubring.pgp + rpm needs a directory as gpg_path and will use pubring.gpg + in that directory +* Wed Feb 13 2002 draht@suse.de +- initial package. Contains + - pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team + - pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key + - sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]