1
0
Marcus Meissner 2014-01-13 15:08:11 +00:00 committed by Git OBS Bridge
parent 89676078b4
commit 219c4f81e0
3 changed files with 87 additions and 33 deletions

View File

@ -1,7 +1,7 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 13 14:54:19 UTC 2014 - meissner@suse.com Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com
- temporary readd the old SLE11 1024bit build@suse.de key - reverted to build SLE12 Alpha2.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 9 12:29:53 UTC 2014 - meissner@suse.com Thu Jan 9 12:29:53 UTC 2014 - meissner@suse.com

BIN
suse-build-key.gpg Normal file

Binary file not shown.

View File

@ -26,16 +26,19 @@ License: GPL-2.0+
Group: System/Packages Group: System/Packages
Version: 12.0 Version: 12.0
Release: 0 Release: 0
Source0: suse-build-key.gpg
Source1: dumpsigs
# pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de> # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
# The main package signing key. # The main package signing key.
Source0: gpg-pubkey-39db7c82-510a966b.asc Source2: gpg-pubkey-39db7c82-510a966b.asc
# pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de> # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
# Fallback key if main key gets lost. # Fallback key if main key gets lost.
Source1: gpg-pubkey-50a3dd1c-50f35137.asc Source3: gpg-pubkey-50a3dd1c-50f35137.asc
# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de> # pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
# SLE11 build key, 1024bit.... Will not be used for SLE12, only temporary for building # SLE11 build@suse.de key, 1024 bit
Source2: gpg-pubkey-307e3d54-4be01a65.asc Source4: gpg-pubkey-307e3d54-4be01a65.asc
# pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com> # pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
# SUSE supplied PTF (program temporary fixes) are signed by this key. # SUSE supplied PTF (program temporary fixes) are signed by this key.
@ -47,7 +50,6 @@ Source98: suse_ptf_key.asc
# Only used for E-Mail encryption and signing to/from security@suse.de. # Only used for E-Mail encryption and signing to/from security@suse.de.
Source99: security_at_suse_de.asc Source99: security_at_suse_de.asc
Source100: dumpsigs
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch BuildArch: noarch
%define keydir %{_prefix}/lib/rpm/gnupg/keys %define keydir %{_prefix}/lib/rpm/gnupg/keys
@ -69,24 +71,76 @@ cp %SOURCE99 .
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{keydir} mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
for i in %sources; do install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
case "$i" in install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
*/gpg-pubkey-*.asc) mkdir keys
install -m 644 "$i" $RPM_BUILD_ROOT%{keydir} cd keys
;; $RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
esac cd ..
done cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
touch $RPM_BUILD_ROOT/%{pubring}
touch $RPM_BUILD_ROOT/%{pubring}~
%files %files
%defattr(644,root,root) %defattr(644,root,root)
%doc security_at_suse_de.asc suse_ptf_key.asc %attr(755,root,root) %dir /usr/lib/rpm/gnupg
%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg %attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
%attr(755,root,root) %dir %{keydir} /usr/lib/rpm/gnupg/keys
%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs %config /%{susering}
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc %ghost /%{pubring}
%{keydir}/gpg-pubkey-39db7c82-510a966b.asc %ghost /%{pubring}~
%{keydir}/gpg-pubkey-307e3d54-4be01a65.asc
%post
if [ ! -f %{pubring} ]; then
touch %{pubring}
fi
echo -n "importing SuSE build key to rpm keyring... "
TF=`mktemp /tmp/gpg.XXXXXX`
if [ -z "$TF" ]; then
echo "suse-build-key::post: cannot make temporary file. Fatal error."
exit 20
fi
if [ -z "$HOME" ]; then
HOME=/root
export HOME
fi
if [ ! -d "$HOME" ]; then
mkdir "$HOME"
fi
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
--keyring %{susering} --export -a > $TF
a="$?"
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
--keyring %{pubring} --import < $TF
b="$?"
rm -f "$TF"
if [ "$a" = 0 -a "$b" = 0 ]; then
echo "done."
else
echo "importing the key from the file %{susering}"
echo "returned an error. This should not happen. It may not be possible"
echo "to properly verify the authenticity of rpm packages from SuSE sources."
echo "The keyring containing the SuSE rpm package signing key can be found"
echo "in the root directory of the first CD (DVD) of your SuSE product."
exit -1
fi
### import suse package build key to roots gpg keyring
if test -f root/.gnupg/pubring.gpg ; then
chroot . usr/bin/gpg --export --armor --no-default-keyring \
--keyring %{susering} build@suse.de \
| chroot . usr/bin/gpg --import || true
if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
echo "gpg import for build@suse.de failed, please import manually" >&2
fi
else
cp %{susering} root/.gnupg/pubring.gpg
fi
chmod 600 root/.gnupg/pubring.gpg
%changelog %changelog