1
0

Accepting request 247206 from Base:System

- Went to new method again.
  - suse-build-key.gpg blob dropped
  - ship seperate files

OBS-URL: https://build.opensuse.org/request/show/247206
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/suse-build-key?expand=0&rev=34
This commit is contained in:
Stephan Kulow 2014-09-03 16:23:10 +00:00 committed by Git OBS Bridge
commit 7d9c1d5c81
3 changed files with 28 additions and 80 deletions

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Fri Aug 29 08:28:03 UTC 2014 - meissner@suse.com
- Went to new method again.
- suse-build-key.gpg blob dropped
- ship seperate files
-------------------------------------------------------------------
Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com

Binary file not shown.

View File

@ -26,20 +26,16 @@ License: GPL-2.0+
Group: System/Packages
Version: 12.0
Release: 0
Source0: suse-build-key.gpg
Source1: dumpsigs
# pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
# The main package signing key.
Source2: gpg-pubkey-39db7c82-510a966b.asc
Source0: gpg-pubkey-39db7c82-510a966b.asc
# pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
# Fallback key if main key gets lost.
Source3: gpg-pubkey-50a3dd1c-50f35137.asc
Source1: gpg-pubkey-50a3dd1c-50f35137.asc
# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
# SLE11 build@suse.de key, 1024 bit
Source4: gpg-pubkey-307e3d54-4be01a65.asc
# SLES 10 key.
Source2: gpg-pubkey-307e3d54-4be01a65.asc
# pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
# SUSE supplied PTF (program temporary fixes) are signed by this key.
# supplied to be not imported by default
@ -50,13 +46,10 @@ Source98: suse_ptf_key.asc
# Only used for E-Mail encryption and signing to/from security@suse.de.
Source99: security_at_suse_de.asc
Source100: dumpsigs
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%define keydir %{_prefix}/lib/rpm/gnupg/keys
%define pubring usr/lib/rpm/gnupg/pubring.gpg
%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
PreReq: sh-utils gpg fileutils mktemp
%description
@ -75,76 +68,24 @@ cp %SOURCE99 .
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
mkdir keys
cd keys
$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
cd ..
cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
touch $RPM_BUILD_ROOT/%{pubring}
touch $RPM_BUILD_ROOT/%{pubring}~
mkdir -p $RPM_BUILD_ROOT%{keydir}
for i in %sources; do
case "$i" in
*/gpg-pubkey-*.asc)
install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
;;
esac
done
install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
%files
%defattr(644,root,root)
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
/usr/lib/rpm/gnupg/keys
%config /%{susering}
%ghost /%{pubring}
%ghost /%{pubring}~
%post
if [ ! -f %{pubring} ]; then
touch %{pubring}
fi
echo -n "importing SuSE build key to rpm keyring... "
TF=`mktemp /tmp/gpg.XXXXXX`
if [ -z "$TF" ]; then
echo "suse-build-key::post: cannot make temporary file. Fatal error."
exit 20
fi
if [ -z "$HOME" ]; then
HOME=/root
export HOME
fi
if [ ! -d "$HOME" ]; then
mkdir "$HOME"
fi
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
--keyring %{susering} --export -a > $TF
a="$?"
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
--keyring %{pubring} --import < $TF
b="$?"
rm -f "$TF"
if [ "$a" = 0 -a "$b" = 0 ]; then
echo "done."
else
echo "importing the key from the file %{susering}"
echo "returned an error. This should not happen. It may not be possible"
echo "to properly verify the authenticity of rpm packages from SuSE sources."
echo "The keyring containing the SuSE rpm package signing key can be found"
echo "in the root directory of the first CD (DVD) of your SuSE product."
exit -1
fi
### import suse package build key to roots gpg keyring
if test -f root/.gnupg/pubring.gpg ; then
chroot . usr/bin/gpg --export --armor --no-default-keyring \
--keyring %{susering} build@suse.de \
| chroot . usr/bin/gpg --import || true
if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
echo "gpg import for build@suse.de failed, please import manually" >&2
fi
else
cp %{susering} root/.gnupg/pubring.gpg
fi
chmod 600 root/.gnupg/pubring.gpg
%doc security_at_suse_de.asc suse_ptf_key.asc
%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
%attr(755,root,root) %dir %{keydir}
%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
%{keydir}/gpg-pubkey-307e3d54-4be01a65.asc
%changelog