1
0
suse-build-key/suse-build-key.spec

179 lines
5.9 KiB
RPMSpec
Raw Normal View History

#
# spec file for package suse-build-key (Version 1.0)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: suse-build-key
BuildRequires: gpg
License: GPL v2 or later
Group: System/Packages
Provides: build-key
Requires: gpg
AutoReqProv: off
Summary: The public gpg key for rpm package signature verification
Version: 1.0
Release: 852
Source0: suse-build-key.gpg
Source1: dumpsigs
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%define pubring usr/lib/rpm/gnupg/pubring.gpg
%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
PreReq: sh-utils gpg fileutils mktemp
%description
This package contains the gpg key that is used to sign official SuSE
rpm packages. It will be installed as a keyring in
/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their
own keys to verify against should use the following commandline command
to add the key to the keyring as used by RPM:
gpg --no-options --no-default-keyring \ --keyring
/usr/lib/rpm/gnupg/pubring.gpg --import
%prep
rm -f foobarnosuchfileordirectory
#%setup
%build
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
touch $RPM_BUILD_ROOT/%{pubring}
touch $RPM_BUILD_ROOT/%{pubring}~
%files
%defattr(644,root,root)
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
%config /%{susering}
%ghost /%{pubring}
%ghost /%{pubring}~
%post
if [ ! -f %{pubring} ]; then
touch %{pubring}
fi
echo -n "importing SuSE build key to rpm keyring... "
TF=`mktemp /tmp/gpg.XXXXXX`
if [ -z "$TF" ]; then
echo "suse-build-key::post: cannot make temporary file. Fatal error."
exit 20
fi
if [ -z "$HOME" ]; then
HOME=/root
fi
if [ ! -d "$HOME" ]; then
mkdir "$HOME"
fi
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
--keyring %{susering} --export -a > $TF
a="$?"
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
--keyring %{pubring} --import < $TF
b="$?"
rm -f "$TF"
if [ "$a" = 0 -a "$b" = 0 ]; then
echo "done."
else
echo "importing the key from the file %{susering}"
echo "returned an error. This should not happen. It may not be possible"
echo "to properly verify the authenticity of rpm packages from SuSE sources."
echo "The keyring containing the SuSE rpm package signing key can be found"
echo "in the root directory of the first CD (DVD) of your SuSE product."
exit -1
fi
### import suse package build key to roots gpg keyring
if test -f root/.gnupg/pubring.gpg ; then
chroot . usr/bin/gpg --export --armor --no-default-keyring \
--keyring %{susering} build@suse.de \
| chroot . usr/bin/gpg --import || true
if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
echo "gpg import for build@suse.de failed, please import manually" >&2
fi
else
cp %{susering} root/.gnupg/pubring.gpg
fi
chmod 600 root/.gnupg/pubring.gpg
%changelog
* Mon Jun 02 2008 ro@suse.de
- update keys again: for collaboration with rpm, the current
self-signature needs to be the first signature found in a key
* Mon May 05 2008 ro@suse.de
- updated keys
9C800ACA,8495160C,307E3D54: extend expiration by 2 years
until 2010-05-05
7E2E3B05: extend expiration by 2 years until 2010-05-24
* Mon Mar 19 2007 rguenther@suse.de
- merge suse-build-key keyring to roots gpg pubring
* Mon May 29 2006 ro@suse.de
- added new official provo dsa autobuild key ID 7E2E3B05
* Fri May 19 2006 ro@suse.de
- removed unused provo autobuild key
- added new official provo autobuild key ID A1912208
* Thu Apr 20 2006 ro@suse.de
- add dumpsigs script here to have _one_ place for the script
* Fri Mar 31 2006 ro@suse.de
- added build@suse.de rsa key ID 307E3D54
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Oct 18 2005 ro@suse.de
- use correct provo autobuild key
* Tue Oct 18 2005 ro@suse.de
- added provo autobuild signing key (#128128)
- removed jds key
* Fri May 27 2005 mls@suse.de
- added mktemp to PreReqs [#86177]
* Thu Apr 28 2005 ro@suse.de
- added JDS public key (15c17deb)
* Tue Jan 25 2005 ro@suse.de
- added OES public key (0dfb3188)
* Tue Jun 22 2004 ro@suse.de
- updated build key (expiration changed to 2008-06-21) (#42326)
* Tue Feb 24 2004 hmacht@suse.de
- building as non-root
* Tue Sep 09 2003 ro@suse.de
- ignore return code from first gpg calls
* Tue Sep 09 2003 draht@suse.de
- call gpg twice without any arguments for proper initialization
inside postinstall
* Tue Sep 09 2003 draht@suse.de
- use temp file instead of pipe due to resource race between two
instances of gpg in %%post.
* Thu Sep 05 2002 draht@suse.de
- package now installs key from package-owned file into the rpm
pubring in %%post to allow other key packages to add their keys.
* Tue Aug 20 2002 mmj@suse.de
- Correct PreReq
* Fri Jul 26 2002 kukuk@suse.de
- Change Provides from suse-build-key to build-key
* Thu Feb 21 2002 draht@suse.de
- directory permission problem: 644 -> 755.
* Mon Feb 18 2002 ro@suse.de
- moved to /usr/lib/rpm/gnupg/pubring.pgp
rpm needs a directory as gpg_path and will use pubring.gpg
in that directory
* Wed Feb 13 2002 draht@suse.de
- initial package. Contains
- pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
- pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
- sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]