Compare commits

..

No commits in common. "factory" and "factory" have entirely different histories.

6 changed files with 72 additions and 28 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

View File

@ -1,19 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.15 (GNU/Linux)
mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp
YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY
91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma
hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9
vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8
L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT
aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYCGwMGCwkIBwMCBBUC
CAMEFgIDAQIeAQIXgAUCX2himwUJFeKaMAAKCRBwr56BOdt8glQcCACXQAkHKf0y
7EPlayuX/EHc8sro4IAJDZqQFiPaJh8F+5HWD36+iw3D/HlOlzbd2y9oVqtbVDZV
amOJ0KV+l2oxPbMVg32plYGXLlXh1Gwp7/lLWieceXVzf3AbleejgXfafUyiCuvj
VaQyPNcGlEXIjiwi3qulw0+2rYAiUAf6KEq4wM9a/KLTLMhvxi2NigC+MiIbZtmt
HlpFhMkp+Bdpdcqtz6cAucE3dSpVQcvkfNLOkZgrtkZfzkNBPaWnyZLtWdSrQah2
vdIQX+RvMYVAQP4x+aL44ALlhnyeUST0wIX4AH82ifSnpvz/rEb1kpERj3XhwW+N
NPBstHtGpA+l
=cJ/8
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -0,0 +1,18 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp
YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY
91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma
hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9
vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8
L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT
aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JAVMEEwEIAD0CGwMGCwkIBwMCBBUC
CAMEFgIDAQIeAQIXgBYhBP6rUCU52EbbLAlhynCvnoE523yCBQJmxdkaBQkdeMEv
AAoJEHCvnoE523yCsyEH/1NZhXtgIa4kFCZdWhPhXPvqz7IkIm62yXpS3Iseivbm
rxzQNXNlQVLnaOOKZX4nEUyh1lr+w18PGlb1yIdMjQqt04hwFgCU+q99cTfrAHG5
jzirSq9I2iBjn+zARCjLzJsD+dH7JGfEMm0lxtPyMRoNJ6bq8eEkjEtKxDOg0iTE
vQ4eboRlR0a8hH06tauPfeWx6Ri6hIobN3TNdCY/RQe4WeyYL8vEog3c7uYYag/V
iMFfj8QzRHgkkcCE9W3TTfr1K/h8AGZTW0uJH4YQhl2HqUsspKmicZIbK/W9M87l
HUyO8EgreF1MuKsg1GWxV2OikZAJKMcNs6EhzLWUWHs=
=5hye
-----END PGP PUBLIC KEY BLOCK-----

13
key2rpmname Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
function keyname() {
for key in "$@"; do
while read line; do
[ "${line:0:4}" = "pub:" ] || continue
IFS=: eval set -- "\$line"
keyid="${5:8}"
printf "gpg-pubkey-%s-%08x\n" "${keyid,,}" "$6"
done < <(gpg --with-colons --import-options show-only --import 2>/dev/null < "$key")
done
}
keyname "$@"

View File

@ -1,3 +1,25 @@
-------------------------------------------------------------------
Wed Aug 21 15:36:57 UTC 2024 - Marcus Meissner <meissner@suse.com>
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
-------------------------------------------------------------------
Tue Jul 30 14:33:40 UTC 2024 - Eugenio Paolantonio <eugenio.paolantonio@suse.com>
- ensure key2rpmname is called using bash.
-------------------------------------------------------------------
Fri Jul 19 08:47:17 UTC 2024 - Marcus Meissner <meissner@suse.com>
- make the per-project inclusion optional, default off.
-------------------------------------------------------------------
Thu Jul 18 12:13:36 UTC 2024 - Marcus Meissner <meissner@suse.com>
- also include the GPG key from the current build project
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 7 10:19:49 UTC 2024 - Marcus Meissner <meissner@suse.com> Thu Mar 7 10:19:49 UTC 2024 - Marcus Meissner <meissner@suse.com>

View File

@ -14,8 +14,12 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
# needspubkeyforbuild
%bcond_with build_key_include_prjkey
Name: suse-build-key Name: suse-build-key
BuildRequires: gpg BuildRequires: gpg
Provides: build-key Provides: build-key
@ -25,9 +29,10 @@ Group: System/Packages
Version: 12.0 Version: 12.0
Release: 0 Release: 0
Source1000: key2rpmname
# pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de> # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
# The main package signing key. # The main package signing key.
Source0: gpg-pubkey-39db7c82-5f68629b.asc Source0: gpg-pubkey-39db7c82-66c5d91a.asc
#pub rsa4096/0xF74F09BC3FA1D6CE 2023-01-19 [SC] [expires: 2027-01-18] #pub rsa4096/0xF74F09BC3FA1D6CE 2023-01-19 [SC] [expires: 2027-01-18]
# Key fingerprint = 7F00 9157 B127 B994 D5CF BE76 F74F 09BC 3FA1 D6CE # Key fingerprint = 7F00 9157 B127 B994 D5CF BE76 F74F 09BC 3FA1 D6CE
#uid SUSE Package Signing Key <build@suse.de> #uid SUSE Package Signing Key <build@suse.de>
@ -116,6 +121,16 @@ cp %SOURCE99 .
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{keydir} mkdir -p $RPM_BUILD_ROOT%{keydir}
%if %{with build_key_include_prjkey}
if [ -e "%_sourcedir/_pubkey" ]; then
name="$(bash %{SOURCE1000} %_sourcedir/_pubkey).asc"
if [ ! -e "%_sourcedir/$name" ]; then
install -D -m 644 %_sourcedir/_pubkey %{buildroot}%keydir/"$name"
fi
fi
%endif
for i in %sources; do for i in %sources; do
case "$i" in case "$i" in
*/gpg-pubkey-*.asc|*/*ptf*.asc) */gpg-pubkey-*.asc|*/*ptf*.asc)
@ -123,6 +138,7 @@ for i in %sources; do
;; ;;
esac esac
done done
%if 0%{?suse_version} && 0%{?suse_version} < 1120 %if 0%{?suse_version} && 0%{?suse_version} < 1120
install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
%endif %endif
@ -144,14 +160,7 @@ install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container
%if 0%{?suse_version} && 0%{?suse_version} < 1120 %if 0%{?suse_version} && 0%{?suse_version} < 1120
%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs %attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
%endif %endif
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc %{keydir}/gpg-pubkey-*.asc
%{keydir}/gpg-pubkey-39db7c82-5f68629b.asc
# SLES 11 key no longer added
#{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc
%{keydir}/gpg-pubkey-09d9ea69-645b99ce.asc
%{keydir}/gpg-pubkey-3fa1d6ce-63c9481c.asc
%{keydir}/gpg-pubkey-73f03759-626bd414.asc
%{keydir}/gpg-pubkey-25db7ae0-645bae34.asc
%{keydir}/suse_ptf_4096_key.asc %{keydir}/suse_ptf_4096_key.asc
%{keydir}/suse_ptf_key.asc %{keydir}/suse_ptf_key.asc
%{containerkeydir}/suse-container-key.asc %{containerkeydir}/suse-container-key.asc