From 6ad186f7f9a5ddf8c18749d4e0f635f385ca7b086efc9da3aef8c0c044e47023 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Fri, 29 Aug 2014 08:29:05 +0000 Subject: [PATCH] - Went to new method again. - suse-build-key.gpg blob dropped - ship seperate files OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=20 --- suse-build-key.changes | 7 +++ suse-build-key.spec | 99 ++++++++---------------------------------- 2 files changed, 25 insertions(+), 81 deletions(-) diff --git a/suse-build-key.changes b/suse-build-key.changes index 3e897c1..2bb2b43 100644 --- a/suse-build-key.changes +++ b/suse-build-key.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Aug 29 08:28:03 UTC 2014 - meissner@suse.com + +- Went to new method again. + - suse-build-key.gpg blob dropped + - ship seperate files + ------------------------------------------------------------------- Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com diff --git a/suse-build-key.spec b/suse-build-key.spec index a4c3e15..390405d 100644 --- a/suse-build-key.spec +++ b/suse-build-key.spec @@ -26,19 +26,12 @@ License: GPL-2.0+ Group: System/Packages Version: 12.0 Release: 0 -Source0: suse-build-key.gpg -Source1: dumpsigs - # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key # The main package signing key. -Source2: gpg-pubkey-39db7c82-510a966b.asc +Source0: gpg-pubkey-39db7c82-510a966b.asc # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) # Fallback key if main key gets lost. -Source3: gpg-pubkey-50a3dd1c-50f35137.asc - -# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key -# SLE11 build@suse.de key, 1024 bit -Source4: gpg-pubkey-307e3d54-4be01a65.asc +Source1: gpg-pubkey-50a3dd1c-50f35137.asc # pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key # SUSE supplied PTF (program temporary fixes) are signed by this key. @@ -50,13 +43,10 @@ Source98: suse_ptf_key.asc # Only used for E-Mail encryption and signing to/from security@suse.de. Source99: security_at_suse_de.asc +Source100: dumpsigs BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %define keydir %{_prefix}/lib/rpm/gnupg/keys - -%define pubring usr/lib/rpm/gnupg/pubring.gpg -%define susering usr/lib/rpm/gnupg/suse-build-key.gpg - PreReq: sh-utils gpg fileutils mktemp %description @@ -75,76 +65,23 @@ cp %SOURCE99 . %install rm -rf $RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg -install %{SOURCE0} $RPM_BUILD_ROOT/%{susering} -install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg -mkdir keys -cd keys -$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering} -cd .. -cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg - -touch $RPM_BUILD_ROOT/%{pubring} -touch $RPM_BUILD_ROOT/%{pubring}~ +mkdir -p $RPM_BUILD_ROOT%{keydir} +for i in %sources; do + case "$i" in + */gpg-pubkey-*.asc) + install -m 644 "$i" $RPM_BUILD_ROOT%{keydir} + ;; + esac +done +install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg %files %defattr(644,root,root) -%attr(755,root,root) %dir /usr/lib/rpm/gnupg -%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs -/usr/lib/rpm/gnupg/keys -%config /%{susering} -%ghost /%{pubring} -%ghost /%{pubring}~ - -%post -if [ ! -f %{pubring} ]; then - touch %{pubring} -fi -echo -n "importing SuSE build key to rpm keyring... " -TF=`mktemp /tmp/gpg.XXXXXX` -if [ -z "$TF" ]; then - echo "suse-build-key::post: cannot make temporary file. Fatal error." - exit 20 -fi -if [ -z "$HOME" ]; then - HOME=/root - export HOME -fi -if [ ! -d "$HOME" ]; then - mkdir "$HOME" -fi -gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true -# no kidding... gpg won't initialize correctly without being called twice. -gpg < /dev/null > /dev/null 2>&1 || true -gpg < /dev/null > /dev/null 2>&1 || true -gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ - --keyring %{susering} --export -a > $TF -a="$?" -gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ - --keyring %{pubring} --import < $TF -b="$?" -rm -f "$TF" -if [ "$a" = 0 -a "$b" = 0 ]; then - echo "done." -else - echo "importing the key from the file %{susering}" - echo "returned an error. This should not happen. It may not be possible" - echo "to properly verify the authenticity of rpm packages from SuSE sources." - echo "The keyring containing the SuSE rpm package signing key can be found" - echo "in the root directory of the first CD (DVD) of your SuSE product." - exit -1 -fi -### import suse package build key to roots gpg keyring -if test -f root/.gnupg/pubring.gpg ; then - chroot . usr/bin/gpg --export --armor --no-default-keyring \ - --keyring %{susering} build@suse.de \ - | chroot . usr/bin/gpg --import || true - if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then - echo "gpg import for build@suse.de failed, please import manually" >&2 - fi -else - cp %{susering} root/.gnupg/pubring.gpg -fi -chmod 600 root/.gnupg/pubring.gpg +%doc security_at_suse_de.asc suse_ptf_key.asc +%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg +%attr(755,root,root) %dir %{keydir} +%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs +%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc +%{keydir}/gpg-pubkey-39db7c82-510a966b.asc %changelog