From be84b3b4d8c19c82849765b708d1438b81dc0d966ccaafd52e8ebb131d338965 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 24 Aug 2017 13:29:11 +0000 Subject: [PATCH] Accepting request 518537 from home:msmeissn:branches:Base:System - extend the build@suse.de product key. (bsc#1014151) pub 2048R/39DB7C82 2013-01-31 [expires: 2020-12-06] uid SuSE Package Signing Key - use dumpsigs script from openSUSE to merge code - renamed security_at_suse_de.asc to security_at_suse_de_old.asc - security_at_suse_de.asc: new 4096 bit RSA key. pub 4096R/317CD502 2014-10-02 SUSE Security Team bnc#899509 - create suse-build-key.gpg during build. - Remove old keys from keyring. (fate#314767) Keys currently inside the RPM trusted keyring: - pub 2048R/39DB7C82 SuSE Package Signing Key - pub 2048R/50A3DD1C SuSE Package Signing Key (reserve key) - Various keys are moved to the documentation area (/usr/share/doc/packages/suse-build-key) - build-at-suse-sle11.asc: the old SUSE Linux Enterprise 11 key. if SUSE Linux Enterprise 11 packages need to be verified on a SUSE Linux Enterprise 12 system. - suse_ptf_key.asc: The suse ptf key. For verification of provided PTFs. - security_at_suse_de.asc: Use only for email encryption and verification purposes when contacting our security contact address security@suse.de OBS-URL: https://build.opensuse.org/request/show/518537 OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=26 --- dumpsigs | 66 +++++++++++++++++++++++++++---- gpg-pubkey-39db7c82-510a966b.asc | 21 ---------- gpg-pubkey-39db7c82-5847eb1f.asc | 19 +++++++++ security_at_suse_de.asc | 67 +++++++++++++++++++++++--------- suse-build-key.changes | 39 +++++++++++++++++++ suse-build-key.spec | 16 +++++--- 6 files changed, 175 insertions(+), 53 deletions(-) delete mode 100644 gpg-pubkey-39db7c82-510a966b.asc create mode 100644 gpg-pubkey-39db7c82-5847eb1f.asc diff --git a/dumpsigs b/dumpsigs index 87ee3a6..80cf8e5 100644 --- a/dumpsigs +++ b/dumpsigs @@ -1,21 +1,50 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w +# dump all keys contained in the keyring specified as argument -my $keyring=''; +use strict; -$keyring="--no-default-keyring --keyring=$ARGV[0]" if $ARGV[0] ne ''; +my @keyring; + +die "must specify keyring\n" unless @ARGV; + +my $file = shift @ARGV; +unless ($file =~ /^\//) { + use Cwd qw/abs_path/; + $file = abs_path($file); +} + +# XXX: workaround for colons in obs project names o_O +if ($file =~ /:/) { + use File::Temp qw/tempdir/; + my $tmpdir = tempdir( CLEANUP => 1); + my $nn = $file; + $nn =~ s/.*\///; + $nn = $tmpdir.'/'.$nn; + symlink($file, $nn) or die "failed to symlink: $!\n"; + $file = $nn; +} + +@keyring = ('--no-default-keyring', '--keyring='.$file); my @line; my $ver; my $rel; my $name; +my %names; -open(GPG, "gpg $keyring --no-secmem-warning --list-sigs --list-options show-keyring --fixed-list-mode --with-colons |"); +my @cmd = qw/--no-secmem-warning --no-options --list-sigs --list-options show-keyring --fixed-list-mode --with-colons/; +unshift @cmd, @keyring; +unshift @cmd, 'gpg'; +#print join(' ', @cmd), "\n"; + +open(GPG, '-|', @cmd); while () { chomp; next unless /^pub:/; @line = split(':', $_); my $id = $line[4]; $_ = ; + $_ = if /^fpr:/; chomp; next unless /^uid:/; @line = split(':', $_); @@ -23,7 +52,7 @@ while () { while (1) { $_ = ; chomp; - die unless /^sig:/; + next unless /^sig:/; @line = split(':', $_); next if $line[4] ne $id; $ver = lc($id); @@ -31,12 +60,33 @@ while () { $rel = sprintf("%08x", $line[5]); last; } - $names{"gpg-pubkey-$ver-$rel"} = $id; + $names{"gpg-pubkey-$ver-$rel"} = [ $id, $name ]; } close GPG; my $n; for $n (sort keys %names) { - print "writing $n.asc\n"; - system("gpg $keyring --no-secmem-warning --export -a '$names{$n}' >$n.asc"); + @cmd = qw/--no-options --no-secmem-warning --export-options export-minimal --export -a/; + push @cmd, $names{$n}[0]; + unshift @cmd, @keyring; + unshift @cmd, 'gpg'; + my $fn = $n.".asc"; + unless (open(O, '>', $fn)) { + warn "failed to open $fn: $!"; + next; + } + printf O "%s %s\n\n", $names{$n}[0], $names{$n}[1]; + print "writing $fn\n"; + #print join(' ', @cmd), "\n"; + unless (open(GPG, '-|', @cmd)) { + warn "failed to exec gpg: $!"; + close O; + unlink $fn; + next; + } + while() { + print O; + } + close GPG; + close O; } diff --git a/gpg-pubkey-39db7c82-510a966b.asc b/gpg-pubkey-39db7c82-510a966b.asc deleted file mode 100644 index 4f30022..0000000 --- a/gpg-pubkey-39db7c82-510a966b.asc +++ /dev/null @@ -1,21 +0,0 @@ -70AF9E8139DB7C82 SuSE Package Signing Key - ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.19 (GNU/Linux) - -mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp -YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY -91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma -hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9 -vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8 -L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT -aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYFAlEKlmsCGwMFCQeE -zgAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBwr56BOdt8gomGCAC13Pi60I6O -8GJ03BQrmVyyJrDcwJxxqw0HmIENf3rDLMYTBuduM3mNm5Fy2Gl2IuWD9mHvckQs -0xa+A7mAwHXhIXWFCrZWyRH16w93BzjjLGiMMKimE8mg4XcaRL1FJhxGqq7FpLga -XpQofkw0yFcavuubETpDR3w4qiRVsNKq4RM00pMCpTpJDWamFJm/oOUmBE45Q071 -v9C4oQHPsBNK/yMtlRssel815Xx4lbJIpKAg4BRtyBHWCzH/gVRGhYA8xDs/DEvu -Z9mswBdniP+K1XSkr+NtxFvtkAy/C2Q2qk3sqpCMOt3MDGTyBgqIoplE/4XRCis9 -d7b1v1zv4/hN -=sQXd ------END PGP PUBLIC KEY BLOCK----- diff --git a/gpg-pubkey-39db7c82-5847eb1f.asc b/gpg-pubkey-39db7c82-5847eb1f.asc new file mode 100644 index 0000000..faff0fb --- /dev/null +++ b/gpg-pubkey-39db7c82-5847eb1f.asc @@ -0,0 +1,19 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.15 (GNU/Linux) + +mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp +YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY +91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma +hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9 +vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8 +L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT +aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYCGwMGCwkIBwMCBBUC +CAMEFgIDAQIeAQIXgAUCWEfrHwUJDsIitAAKCRBwr56BOdt8gpqUB/wPSSS5BcDu +Oi4n02cj4Hdt7WITKBjjo0lG1fXG1ppx1wOST+s8FertMVFY53TW6FGjcYtwVOIq +rsMYiV6kf1NxUV/jcAy7VmC5EZnO0R/D3sT4Oh5hsLtERauZolK5BZmd0S51Qa8e +TxZ5mX9PL2i3s/ShETc30drf83ugc7B4yZPNQWXNDPgGcC+hEeC5qw48RzHYIpUt +RzHmefR5Z3ioTUbDlzy+SGP2uA7mhR4Lfk/df5fYxWfCoKlyGjtrvA65cB+Pksyn +xrAeBuB+vBM+KnDrxW2Sn4AbWkzH//dfz9OJDJu4UM91hb7qxM0OkrXHQV3iNqzg +MDEhky/9NqMy +=GdP5 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/security_at_suse_de.asc b/security_at_suse_de.asc index 5dbc65d..0e574ac 100644 --- a/security_at_suse_de.asc +++ b/security_at_suse_de.asc @@ -1,5 +1,3 @@ -77B2E6003D25D3D9 SuSE Security Team - The block below contains the public key of the SUSE Security team. It's used to sign security advisories and other imporant announcents concerning the distribution. To be able to verify @@ -7,22 +5,55 @@ signatures made with that key you need to import this file into your keyring using the following command: gpg --import security_at_suse_de.asc - -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.16 (GNU/Linux) +Version: GnuPG v2 -mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA -BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz -JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh -1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U -P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ -cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg -VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S0Ed7LmAD0l09kBAW04B/4p -WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL -hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG -BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ -AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi -RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 -zinsSx2OrWgvSiLEXXYK -=m7kg +mQINBFQtF/8BEAC682QMnBjVnGNGo8PcdoGgqQcfdtaBMFhpIfFp0dTdcW7vMwJV +PDV1TzOvtAlMSsUo6I+sIYG0PAnc51xh/xOAXzKrz0Qd0MEGVsT98yHB6W3XGRuX +f88FycgIzH03En92yZdBUTV1g3nBM3FFuwjT78quRCzpIMdHtEg4VFFam90TbrLU +F5ApHNqQf3yqbb6ddG5pdwB1pMoG7Zz4XaK/v0D20U8OxjrWTsbDRgWarIWwoGD4 +VhYqC891fHeoVKmYRYsrTJXqdCoArp/eofGHG/zhVA+MEHsNvPBhW+YxxpNO7MI1 +VjwIKFfO9jl3H3m4yOJ3BOaSpxCDb3LwKdSGCYvrCmGhsJpOyG33t/nwzhsN3R3D +OBg3YQQ17rZqcF9H89UauFaRDS1VxD/3GSCpmCAt39NW2EHaTOllcxwGkd61spoB +Q+g10kmiUa1DxWiN0lQnFDdpu8E8SaOnaRKjQy9KDFLxc9GCZXzOceP8wUjWBeKi +yAVesw562vRS+anpqbxeF1qzYJ78OVzjfFbdkxRecy4HbyaMt31YIPflSeEHrUa3 +Zrl8cXmJvcNZRbGeva++gCmzjYPpFSs9bAVWuFqY0UT3PbLYruYhyYyGv1x5Kwvb +TYWqLsQmHQxGp61zI97YbAz/XzLeAFrvzW2BnsEeLNXJG0lBShjalHLzqwARAQAB +tCVTVVNFIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QHN1c2UuZGU+iQI5BBMBAgAj +BQJULRf/AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQWPxYsTF81QL5 +WA//cU8pptQ5ZwfI4edi2faNgU4qBF1mJQcchXVyQFcbdHpwNsHkqYFqVK98LwBJ +3sQUUVwUFdt7uauLtPMYONDeroy95DXhwvjsD891adOzehhAn3DTFUYYTPgs/x1b +UoXe5LShjinGi95HRjs5LpKyHn67pr91zbMDA0dhHku9mkD2kg8erTjtLlutCgRd +l25/AUsWi5qG2IZ1GK/GmmpnerD5R5jVc+MLJPW37pSUfS/BdmbK4XmZylpHF53a +hsUlG6wQM7H1OTyCYWA71jJ5ydeBSlrW6Jt4skM0Lipcr2rmLz/CVI/R0CTADyeI +41mOSmKOXQnlM0A3BGhLPb4JZFSOu9r+LvRq8u9sMICFqL7OEhjSHQqQ3Oe4sQWG +vJY1IcP3UW1byG/8MhBTp/16Wxd0Nv44JE4WS2VFVopaso7jmrnv/0JS7b4WwgE8 +OLi3Et4OpeXZEOY9LAYOQc1fdl+leh5qk7TkgNwAn69wdZYXXB3rS1Q6VxMFLyin +xaepwIlx0jsoG608dT03kv9EUx/hwvZrwnDyeoPtB1+HRXw1o6p/zU8B3r5fqes8 +Ah28Q1sD9c0ojH1gWcodQrhfkqLubgRJHUTTzO4KBwtTqBstcIR1kamOyA4oDbwK +tT0KsnU9DtJgqGkw0/nlOOgVXvsKWFXgZj4BcHct+tIO4ce5Ag0EVC0X/wEQAMjU +PGzcmaH8TZ3JExvUiK8zXW5pwnYVyxyMkdn8lWMmPdLI7ljj2OIqzXoYuT4nNmRZ ++zq4ucpd8DwAwim/cfi3bs/xqMNKkC1AybZW/KiEDTHll9Gc0cSa4DBQjdKjm839 +86kz0nzXxWXvBCqEyVVI1YoDAHTcAvMHkOZKc33kv6PS73Gymm78Em1ychx2u6UF +cQ248QFWXOPXsRaLVmNicuD/rEPcaKr8FomYYtqiGr88sv06FF0EdIa1aXqPVQU1 +IxqH3pAn6oQ2aZUe5jzydhMzhiYGfZtO+ePxE7mi2Vr/m3iurVfhusqc69Cxfd4Z +fCReSAQFbJ7Vf58c+rRbIp3NkZaID8Fo9jINC9ogNPDxVLbCSmxTnDpR9IdGi9oZ +VwgcWdQ9rbspOClntbE6GonA++OTEkMOTOFEgGfd7CEuEAAxYc3uchhlSN+LfQja +B24UgGKHP5QEvjclBOKjDWMfsOwyqdDBkGb0rHCE3ohUnA6QQpz+zSmF0oXmGwAQ +Jj3YhT/4Z/VapIjlMu9ZaPoT8dGUaDCUeJa4Kbg2krzMolKDNoZeWL5uOJk64+XU +5JsYBofMrQt3Esv+YGyhD2krYcs/7jaj+BLaJu4+asvXe9pAQTdGCNMoO/qiPsJ6 +gZLnHUjuxMF2eNvFqrYHXCILFFRDYCSiW1RfhPVJABEBAAGJAh8EGAECAAkFAlQt +F/8CGwwACgkQWPxYsTF81QJVJBAAnuE49ccyVXA3uWquzleHx1ioyVPuYKeE1Lzw +ibzdnrOPEYVMyNJbr3AcRofH4++KE5AdV9CUYYsP7pbix5hUcG0UdtT10QxAks/Z +e2k7gTXS3Fgu8q5+q4diDhh1GtiUKX+lsyN4MA6HhzPzACIy7Iy2LlRLV1oqYEMs +UPF2yEA+04r/UJAhKLshE0evA6Kkkq4MXvPcPxbyhZx+1S6/++dS81I+6+EEGyzM ++8GFn50Op84ULS/eSjVusnha/HVz5mulatWw1yV8hdVyKVqDT/GPOcJ3+MnWHIva +7NU3RvySgie7ouxM3M5U1GO/bfL7wmAJvJ2mPhoGoSJ6ir5uhMV1CRvMxDVEqomm +ozxxDGJZ4O8dfpfs9vKIhqeEi9Pk4ZtFIHBEbHiRf1TCpeV13kh9eGpbnSCjTZvD +HcjR78kQM76XH1JPCH72AhPbePOrI/OmHvvrVyQRN24cXvAzK8L4a2c0FqbrivwX +7bFHjZcfsjujYQb1QCF9zomtDXQAkWhts0I+tQcegUfQrrUlGFAMuwO/Lts6KL7G +vyd7dmv07xkbnlwJih4CIKvbImi93fRFMu763QzDhiAQcUohTROoQjZKoJRsRTn8 +czy7l6bFqw5kBgGh0XxyWzdIDIZfyfmb2q6cdEeeajP8g92Hknarmy7UXX7a8eMa +WzjAfBA= +=zsa2 -----END PGP PUBLIC KEY BLOCK----- diff --git a/suse-build-key.changes b/suse-build-key.changes index 2bb2b43..a27b9b9 100644 --- a/suse-build-key.changes +++ b/suse-build-key.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Wed Dec 7 16:35:05 UTC 2016 - meissner@suse.com + +- extend the build@suse.de product key. (bsc#1014151) + + pub 2048R/39DB7C82 2013-01-31 [expires: 2020-12-06] + uid SuSE Package Signing Key + +------------------------------------------------------------------- +Tue Nov 29 12:54:46 CET 2016 - ro@suse.de + +- use dumpsigs script from openSUSE to merge code + +------------------------------------------------------------------- +Thu Oct 2 12:45:05 UTC 2014 - meissner@suse.com + +- renamed security_at_suse_de.asc to security_at_suse_de_old.asc +- security_at_suse_de.asc: new 4096 bit RSA key. + pub 4096R/317CD502 2014-10-02 SUSE Security Team + bnc#899509 + ------------------------------------------------------------------- Fri Aug 29 08:28:03 UTC 2014 - meissner@suse.com @@ -5,6 +26,24 @@ Fri Aug 29 08:28:03 UTC 2014 - meissner@suse.com - suse-build-key.gpg blob dropped - ship seperate files +------------------------------------------------------------------- +Mon Feb 10 09:57:50 UTC 2014 - meissner@suse.com + +- create suse-build-key.gpg during build. +- Remove old keys from keyring. (fate#314767) + Keys currently inside the RPM trusted keyring: + - pub 2048R/39DB7C82 SuSE Package Signing Key + - pub 2048R/50A3DD1C SuSE Package Signing Key (reserve key) +- Various keys are moved to the documentation area + (/usr/share/doc/packages/suse-build-key) + - build-at-suse-sle11.asc: the old SUSE Linux Enterprise 11 key. + if SUSE Linux Enterprise 11 packages need to be verified on + a SUSE Linux Enterprise 12 system. + - suse_ptf_key.asc: The suse ptf key. For verification of provided PTFs. + - security_at_suse_de.asc: Use only for email encryption and + verification purposes when contacting our security contact address + security@suse.de + ------------------------------------------------------------------- Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com diff --git a/suse-build-key.spec b/suse-build-key.spec index 5f9f282..dd76082 100644 --- a/suse-build-key.spec +++ b/suse-build-key.spec @@ -1,7 +1,7 @@ # # spec file for package suse-build-key # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,9 +26,11 @@ License: GPL-2.0+ Group: System/Packages Version: 12.0 Release: 0 + # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key # The main package signing key. -Source0: gpg-pubkey-39db7c82-510a966b.asc +Source0: gpg-pubkey-39db7c82-5847eb1f.asc + # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) # Fallback key if main key gets lost. Source1: gpg-pubkey-50a3dd1c-50f35137.asc @@ -36,17 +38,19 @@ Source1: gpg-pubkey-50a3dd1c-50f35137.asc # pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key # SLES 10 key. Source2: gpg-pubkey-307e3d54-4be01a65.asc + # pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key # SUSE supplied PTF (program temporary fixes) are signed by this key. # supplied to be not imported by default Source98: suse_ptf_key.asc -# pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team -# security@suse.de communication key. -# Only used for E-Mail encryption and signing to/from security@suse.de. +# pub 4096R/317CD502 2014-10-02 SUSE Security Team +# sub 4096R/0DE80E03 2014-10-02 +# Only used for email communication Source99: security_at_suse_de.asc Source100: dumpsigs + BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %define keydir %{_prefix}/lib/rpm/gnupg/keys @@ -85,7 +89,7 @@ install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg %attr(755,root,root) %dir %{keydir} %attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs %{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc -%{keydir}/gpg-pubkey-39db7c82-510a966b.asc +%{keydir}/gpg-pubkey-39db7c82-5847eb1f.asc %{keydir}/gpg-pubkey-307e3d54-4be01a65.asc %changelog