- Went to new method again.

- suse-build-key.gpg blob dropped - ship seperate files OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=20
2014-08-29 08:29:05 +00:00 · 2014-08-29 08:29:05 +00:00 · 6ad186f7f9
commit 6ad186f7f9
parent c11c4aaf12
2 changed files with 25 additions and 81 deletions
--- a/suse-build-key.changes
+++ b/suse-build-key.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Aug 29 08:28:03 UTC 2014 - meissner@suse.com
+
+- Went to new method again.
+  - suse-build-key.gpg blob dropped
+  - ship seperate files
+
 -------------------------------------------------------------------
 Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com

--- a/suse-build-key.spec
+++ b/suse-build-key.spec
@ -26,19 +26,12 @@ License:        GPL-2.0+
 Group:          System/Packages
 Version:        12.0
 Release:        0
-Source0:        suse-build-key.gpg
-Source1:        dumpsigs
-
 # pub  2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
 # The main package signing key.
-Source2:        gpg-pubkey-39db7c82-510a966b.asc
+Source0:        gpg-pubkey-39db7c82-510a966b.asc
 # pub  2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
 # Fallback key if main key gets lost.
-Source3:        gpg-pubkey-50a3dd1c-50f35137.asc
-
-# pub  1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
-# SLE11 build@suse.de key, 1024 bit
-Source4:        gpg-pubkey-307e3d54-4be01a65.asc
+Source1:        gpg-pubkey-50a3dd1c-50f35137.asc

 # pub  1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
 # SUSE supplied PTF (program temporary fixes) are signed by this key.
@ -50,13 +43,10 @@ Source98:       suse_ptf_key.asc
 # Only used for E-Mail encryption and signing to/from security@suse.de.
 Source99:       security_at_suse_de.asc

+Source100:      dumpsigs
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 %define keydir  %{_prefix}/lib/rpm/gnupg/keys
-
-%define pubring  usr/lib/rpm/gnupg/pubring.gpg
-%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
-
 PreReq:         sh-utils gpg fileutils mktemp

 %description
@ -75,76 +65,23 @@ cp %SOURCE99 .

 %install
 rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
-install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
-install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
-mkdir keys
-cd keys
-$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
-cd ..
-cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
-
-touch $RPM_BUILD_ROOT/%{pubring}
-touch $RPM_BUILD_ROOT/%{pubring}~
+mkdir -p $RPM_BUILD_ROOT%{keydir}
+for i in %sources; do
+    case "$i" in
+        */gpg-pubkey-*.asc)
+        install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
+        ;;
+    esac
+done
+install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg

 %files
 %defattr(644,root,root)
-%attr(755,root,root) %dir /usr/lib/rpm/gnupg
-%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
-/usr/lib/rpm/gnupg/keys
-%config /%{susering}
-%ghost /%{pubring}
-%ghost /%{pubring}~
-
-%post
-if [ ! -f %{pubring} ]; then
-    touch %{pubring}
-fi
-echo -n "importing SuSE build key to rpm keyring... "
-TF=`mktemp /tmp/gpg.XXXXXX`
-if [ -z "$TF" ]; then
-  echo "suse-build-key::post: cannot make temporary file. Fatal error."
-  exit 20
-fi
-if [ -z "$HOME" ]; then
-  HOME=/root
-  export HOME
-fi
-if [ ! -d "$HOME" ]; then
-  mkdir "$HOME"
-fi
-gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
-# no kidding... gpg won't initialize correctly without being called twice.
-gpg < /dev/null > /dev/null 2>&1 || true
-gpg < /dev/null > /dev/null 2>&1 || true
-gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
-         --keyring %{susering}    --export -a > $TF 
-a="$?"
-gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
-         --keyring %{pubring}   --import < $TF
-b="$?"
-rm -f "$TF"
-if [ "$a" = 0 -a "$b" = 0 ]; then
-    echo "done."
-else
-    echo "importing the key from the file %{susering}"
-    echo "returned an error. This should not happen. It may not be possible"
-    echo "to properly verify the authenticity of rpm packages from SuSE sources."
-    echo "The keyring containing the SuSE rpm package signing key can be found"
-    echo "in the root directory of the first CD (DVD) of your SuSE product."
-    exit -1
-fi
-### import suse package build key to roots gpg keyring
-if test -f root/.gnupg/pubring.gpg ; then
-   chroot . usr/bin/gpg --export --armor --no-default-keyring \
-                   --keyring %{susering} build@suse.de \
-        | chroot . usr/bin/gpg --import || true
-   if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
-      echo "gpg import for build@suse.de failed, please import manually" >&2
-   fi
-else
-   cp %{susering} root/.gnupg/pubring.gpg
-fi
-chmod 600 root/.gnupg/pubring.gpg
+%doc security_at_suse_de.asc suse_ptf_key.asc
+%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
+%attr(755,root,root) %dir %{keydir}
+%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
+%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
+%{keydir}/gpg-pubkey-39db7c82-510a966b.asc

 %changelog