forked from pool/suse-build-key
Accepting request 213302 from home:msmeissn:branches:Base:System
- Merged over logic from openSUSE-build-key. - Got rid of default importing into roots keyring. - Removed some old keys. - Clarify that security@suse.de is a email only key - PTF key is supplied also as %doc, to not be default imported. - Keys currently inside: - pub 2048R/39DB7C82 SuSE Package Signing Key <build@suse.de> - pub 2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de> - pub 1024D/B37B98A9 SUSE PTF Signing Key <support@suse.com> - pub 2048R/3D25D3D9 SuSE Security Team <security@suse.de> OBS-URL: https://build.opensuse.org/request/show/213302 OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=9
This commit is contained in:
parent
8016e44ace
commit
4f52763dd1
2
.gitattributes
vendored
2
.gitattributes
vendored
@ -21,5 +21,3 @@
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
||||
## Specific LFS patterns
|
||||
suse-build-key.gpg filter=lfs diff=lfs merge=lfs -text
|
||||
|
21
gpg-pubkey-39db7c82-510a966b.asc
Normal file
21
gpg-pubkey-39db7c82-510a966b.asc
Normal file
@ -0,0 +1,21 @@
|
||||
70AF9E8139DB7C82 SuSE Package Signing Key <build@suse.de>
|
||||
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||
|
||||
mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp
|
||||
YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY
|
||||
91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma
|
||||
hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9
|
||||
vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8
|
||||
L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT
|
||||
aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYFAlEKlmsCGwMFCQeE
|
||||
zgAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBwr56BOdt8gomGCAC13Pi60I6O
|
||||
8GJ03BQrmVyyJrDcwJxxqw0HmIENf3rDLMYTBuduM3mNm5Fy2Gl2IuWD9mHvckQs
|
||||
0xa+A7mAwHXhIXWFCrZWyRH16w93BzjjLGiMMKimE8mg4XcaRL1FJhxGqq7FpLga
|
||||
XpQofkw0yFcavuubETpDR3w4qiRVsNKq4RM00pMCpTpJDWamFJm/oOUmBE45Q071
|
||||
v9C4oQHPsBNK/yMtlRssel815Xx4lbJIpKAg4BRtyBHWCzH/gVRGhYA8xDs/DEvu
|
||||
Z9mswBdniP+K1XSkr+NtxFvtkAy/C2Q2qk3sqpCMOt3MDGTyBgqIoplE/4XRCis9
|
||||
d7b1v1zv4/hN
|
||||
=sQXd
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
21
gpg-pubkey-50a3dd1c-50f35137.asc
Normal file
21
gpg-pubkey-50a3dd1c-50f35137.asc
Normal file
@ -0,0 +1,21 @@
|
||||
5EAF444450A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
|
||||
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||
|
||||
mQENBFDzUTcBCADQ3p9ch1aR6cBqL+O7UNO+zFNTI5WxLf4tegWP8uuxK5tJTgXO
|
||||
tjnwWmWIaijO6yfCtlBu8hD2Zp9sMenDY42yM5/uII0RpszqzqwwK5onnjGcSkWZ
|
||||
8jAAn+mtLIJvCLCwTqwEM4mTdTZROtCnttHXZr4GFrqpeAh+SKEWIoMF66N1FSb6
|
||||
S0evzYw3ryjbFY0pial9/hqqnsTWCNHzE1Up7qdNIPxDV8UGyUzm70/xMMjJSIkB
|
||||
aGpRdhILfZgyH6Ajhm7VCPPzW/BO30RSjHDnyo3hR39jE+KxvdgqTz+AthK5z+p2
|
||||
mwQ+ohTAo4dGb0lyZYFpXD7ucEl9w1ygzUe/ABEBAAG0NlN1U0UgUGFja2FnZSBT
|
||||
aWduaW5nIEtleSAocmVzZXJ2ZSBrZXkpIDxidWlsZEBzdXNlLmRlPokBPAQTAQIA
|
||||
JgUCUPNRNwIbAwUJB4TOAAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEF6vRERQ
|
||||
o90cr+kH/RwB21ma7cQvZ1lHvgcOTuM7Ttqq6x7uuFFDXCIdmbDHv1ocQI5Z3VCb
|
||||
/7w+J8ZcBwNcr7i9Qsayu7umCILEOO8pNn/SlJVz6Kr6j6L8oAC3XHbXYrHacwMR
|
||||
y9jQPCDqP7WZduRgEW2VWnIoNp6p/DAj724EmfLzURwLG1QKiLnOLtpygzyquk3S
|
||||
gPGqgro+hCWX/VWgtBEKd33mgvwCBGjIe86VMvLCgtggyoBWDXYvsQMBO62fnk5w
|
||||
Btwum/m8VPhWhcrbUK60ZsHbdwfmsBOKxewf2vIuKUcqJnIYCfsuBgx9xUxiNlGR
|
||||
BVJIlG17h0jlRbEuuRez2397vU8Zw08=
|
||||
=SfX3
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
28
security_at_suse_de.asc
Normal file
28
security_at_suse_de.asc
Normal file
@ -0,0 +1,28 @@
|
||||
77B2E6003D25D3D9 SuSE Security Team <security@suse.de>
|
||||
|
||||
The block below contains the public key of the SUSE Security team.
|
||||
It's used to sign security advisories and other imporant
|
||||
announcents concerning the distribution. To be able to verify
|
||||
signatures made with that key you need to import this file into your
|
||||
keyring using the following command:
|
||||
|
||||
gpg --import security_at_suse_de.asc
|
||||
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.0.16 (GNU/Linux)
|
||||
|
||||
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
|
||||
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
|
||||
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
|
||||
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
|
||||
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
|
||||
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
|
||||
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
|
||||
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
|
||||
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
|
||||
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
|
||||
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
|
||||
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
|
||||
zinsSx2OrWgvSiLEXXYK
|
||||
=m7kg
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
@ -1,3 +1,18 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 9 12:29:53 UTC 2014 - meissner@suse.com
|
||||
|
||||
- Merged over logic from openSUSE-build-key.
|
||||
- Got rid of default importing into roots keyring.
|
||||
- Removed some old keys.
|
||||
- Clarify that security@suse.de is a email only key
|
||||
- PTF key is supplied also as %doc, to not be default
|
||||
imported.
|
||||
- Keys currently inside:
|
||||
- pub 2048R/39DB7C82 SuSE Package Signing Key <build@suse.de>
|
||||
- pub 2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
|
||||
- pub 1024D/B37B98A9 SUSE PTF Signing Key <support@suse.com>
|
||||
- pub 2048R/3D25D3D9 SuSE Security Team <security@suse.de>
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 31 17:11:08 CET 2013 - ro@suse.de
|
||||
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:59c8d0592205de77964cbda7dbd3b9db9bfd343cbc347fa7756985f7a8a6b7cd
|
||||
size 6774
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package suse-build-key
|
||||
#
|
||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -24,106 +24,64 @@ AutoReqProv: off
|
||||
Summary: The public gpg key for rpm package signature verification
|
||||
License: GPL-2.0+
|
||||
Group: System/Packages
|
||||
Version: 1.0
|
||||
Release: 907.<RELEASE42>
|
||||
Source0: suse-build-key.gpg
|
||||
Source1: dumpsigs
|
||||
Version: 12.0
|
||||
Release: 0
|
||||
# pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
|
||||
# The main package signing key.
|
||||
Source0: gpg-pubkey-39db7c82-510a966b.asc
|
||||
# pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
|
||||
# Fallback key if main key gets lost.
|
||||
Source1: gpg-pubkey-50a3dd1c-50f35137.asc
|
||||
|
||||
# pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
|
||||
# SUSE supplied PTF (program temporary fixes) are signed by this key.
|
||||
# supplied to be not imported by default
|
||||
Source98: suse_ptf_key.asc
|
||||
|
||||
# pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
|
||||
# security@suse.de communication key.
|
||||
# Only used for E-Mail encryption and signing to/from security@suse.de.
|
||||
Source99: security_at_suse_de.asc
|
||||
|
||||
Source100: dumpsigs
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildArch: noarch
|
||||
%define pubring usr/lib/rpm/gnupg/pubring.gpg
|
||||
%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
|
||||
%define keydir %{_prefix}/lib/rpm/gnupg/keys
|
||||
PreReq: sh-utils gpg fileutils mktemp
|
||||
|
||||
%description
|
||||
This package contains the gpg key that is used to sign official SuSE
|
||||
rpm packages. It will be installed as a keyring in
|
||||
/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their
|
||||
own keys to verify against should use the following commandline command
|
||||
to add the key to the keyring as used by RPM:
|
||||
|
||||
gpg --no-options --no-default-keyring \ --keyring
|
||||
/usr/lib/rpm/gnupg/pubring.gpg --import
|
||||
This package contains the gpg keys that are used to sign the
|
||||
SUSE rpm packages. The keys installed here are not actually
|
||||
used by anything. rpm/zypper use the keys in the rpm db instead.
|
||||
|
||||
|
||||
|
||||
%prep
|
||||
rm -f foobarnosuchfileordirectory
|
||||
#%setup
|
||||
%setup -qcT
|
||||
|
||||
%build
|
||||
cp %SOURCE98 .
|
||||
cp %SOURCE99 .
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
|
||||
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
mkdir keys
|
||||
cd keys
|
||||
$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
|
||||
cd ..
|
||||
cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
|
||||
touch $RPM_BUILD_ROOT/%{pubring}
|
||||
touch $RPM_BUILD_ROOT/%{pubring}~
|
||||
mkdir -p $RPM_BUILD_ROOT%{keydir}
|
||||
for i in %sources; do
|
||||
case "$i" in
|
||||
*/gpg-pubkey-*.asc)
|
||||
install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
|
||||
;;
|
||||
esac
|
||||
done
|
||||
install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
|
||||
%files
|
||||
%defattr(644,root,root)
|
||||
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
|
||||
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
|
||||
/usr/lib/rpm/gnupg/keys
|
||||
%config /%{susering}
|
||||
%ghost /%{pubring}
|
||||
%ghost /%{pubring}~
|
||||
|
||||
%post
|
||||
if [ ! -f %{pubring} ]; then
|
||||
touch %{pubring}
|
||||
fi
|
||||
echo -n "importing SuSE build key to rpm keyring... "
|
||||
TF=`mktemp /tmp/gpg.XXXXXX`
|
||||
if [ -z "$TF" ]; then
|
||||
echo "suse-build-key::post: cannot make temporary file. Fatal error."
|
||||
exit 20
|
||||
fi
|
||||
if [ -z "$HOME" ]; then
|
||||
HOME=/root
|
||||
export HOME
|
||||
fi
|
||||
if [ ! -d "$HOME" ]; then
|
||||
mkdir "$HOME"
|
||||
fi
|
||||
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
|
||||
# no kidding... gpg won't initialize correctly without being called twice.
|
||||
gpg < /dev/null > /dev/null 2>&1 || true
|
||||
gpg < /dev/null > /dev/null 2>&1 || true
|
||||
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
|
||||
--keyring %{susering} --export -a > $TF
|
||||
a="$?"
|
||||
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
|
||||
--keyring %{pubring} --import < $TF
|
||||
b="$?"
|
||||
rm -f "$TF"
|
||||
if [ "$a" = 0 -a "$b" = 0 ]; then
|
||||
echo "done."
|
||||
else
|
||||
echo "importing the key from the file %{susering}"
|
||||
echo "returned an error. This should not happen. It may not be possible"
|
||||
echo "to properly verify the authenticity of rpm packages from SuSE sources."
|
||||
echo "The keyring containing the SuSE rpm package signing key can be found"
|
||||
echo "in the root directory of the first CD (DVD) of your SuSE product."
|
||||
exit -1
|
||||
fi
|
||||
### import suse package build key to roots gpg keyring
|
||||
if test -f root/.gnupg/pubring.gpg ; then
|
||||
chroot . usr/bin/gpg --export --armor --no-default-keyring \
|
||||
--keyring %{susering} build@suse.de \
|
||||
| chroot . usr/bin/gpg --import || true
|
||||
if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
|
||||
echo "gpg import for build@suse.de failed, please import manually" >&2
|
||||
fi
|
||||
else
|
||||
cp %{susering} root/.gnupg/pubring.gpg
|
||||
fi
|
||||
chmod 600 root/.gnupg/pubring.gpg
|
||||
%doc security_at_suse_de.asc suse_ptf_key.asc
|
||||
%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
|
||||
%attr(755,root,root) %dir %{keydir}
|
||||
%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
|
||||
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
|
||||
%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
|
||||
|
||||
%changelog
|
||||
|
26
suse_ptf_key.asc
Normal file
26
suse_ptf_key.asc
Normal file
@ -0,0 +1,26 @@
|
||||
6C74CE73B37B98A9 SUSE PTF Signing Key <support@suse.com>
|
||||
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||
|
||||
mQGiBEKCDxcRBAC8XEA/xoFsF6c9QHU0aA3JBCQC3Jhpdv1+YzZOHDaSUziQ2ZL8
|
||||
12pt5oMg7qE0i5j0+zwL/0TUi4W8tar86a9gxRHzWgSkTiz4H2MvXSy5Qrnu1+Ho
|
||||
MCAWMEL4s2JftKVu0XFRuT4nNHVi80JZxRzmF2EBLvtz7jrRHT/N/5A4FwCg+PE1
|
||||
wR2NC89ux+VfxoR8UzQu4wUD/2ZBslJyLYE6rpUFYHceSK3gOlPSIlCn3OYlVDY3
|
||||
AgYsqYH5gEOHxQeqigukk+tffyHIr5wdzTgTrPeL7v+TpgVHuRRuw7Dl9oi1PyoW
|
||||
/PzNPjNSlXQCLUocY/ctCjre+WxjiewDPqmYVYS8Ie2DZMTFJ4w27mazfTJYgcPl
|
||||
mmwqA/oDFSaXdRl0csqWi6XvjbUJKSVlDc8IuulB1IRLNk94+xKoDtC2xxp8zEVB
|
||||
xBqmbT6pM1k3+KVzGL7oSHl4uMqzOkbRfKgKL/6ahJnLAGJPfPdFeIyGmvWDG915
|
||||
TE8oMesJq/MSaohxdJ6dywkhjd19Cbdts02scIfSu5yzMXHCm7QnU1VTRSBQVEYg
|
||||
U2lnbmluZyBLZXkgPHN1cHBvcnRAc3VzZS5jb20+iGIEExECACICGwMECwcDAgMV
|
||||
AgMDFgIBAh4BAheABQJL4BoaBQkQ4tkDAAoJEGx0znOze5ipiDoAn0YH3g6kFZfO
|
||||
BcxASwMft1iuWVT5AKCQFQ1deyNwXvo+eCH/dGpt5nj1d7kBDQRCgg8ZEAQAkwPg
|
||||
vF3r+7NNqgJyiW4w5yGXgu5H4Kmd9wXAT6sUOPU+4GRJJep0dUxHgdis2BboBDlO
|
||||
YVWE061pua8Ut6mA5Rx0/KOCeTL3SJtXMcknop/4fSLfnPN0/bsbALAN7RtmEJnV
|
||||
QXba7C/jY04J2p0wtWfF9Zh2/O0EaPmiVjkakHMAAwUD/0T/fMgYwD1ROk1aB7KW
|
||||
0bcro2hYfXCPTZtpZI6qfRbwKr8SQ6wSSWRi+p1hrtY6SBSNqw3mW4K42bPewanI
|
||||
KdGc9mDt2ecQK5TAScL6VKwPvR0LK5GXJsYZjm1/uf4dWAfoy5T8jqObjL+uavtd
|
||||
RKcJVbquhZwMeAeOqiPaCFMliEwEGBECAAwFAkvgGiYFCRDi2Q0ACgkQbHTOc7N7
|
||||
mKndUgCfUmb1pAbgOJ3axZbe9HSwAb/BxlEAoKriKwSDH8XsRPQSp493OfB5UDpP
|
||||
=GBuj
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
Loading…
Reference in New Issue
Block a user