forked from pool/suse-build-key
This commit is contained in:
parent
421f6ef46d
commit
cc83d7a697
2
.gitattributes
vendored
2
.gitattributes
vendored
@ -21,3 +21,5 @@
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
||||
## Specific LFS patterns
|
||||
openSUSE-build-key.gpg filter=lfs diff=lfs merge=lfs -text
|
||||
|
142
openSUSE-build-key.changes
Normal file
142
openSUSE-build-key.changes
Normal file
@ -0,0 +1,142 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 18 10:44:04 CEST 2008 - adrian@suse.de
|
||||
|
||||
- Branch package from suse-build-key and create it as openSUSE-build-key
|
||||
- Add openSUSE:Factory key as official distribution key
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 2 15:45:33 CEST 2008 - ro@suse.de
|
||||
|
||||
- update keys again: for collaboration with rpm, the current
|
||||
self-signature needs to be the first signature found in a key
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 5 18:31:20 CEST 2008 - ro@suse.de
|
||||
|
||||
- updated keys
|
||||
9C800ACA,8495160C,307E3D54: extend expiration by 2 years
|
||||
until 2010-05-05
|
||||
7E2E3B05: extend expiration by 2 years until 2010-05-24
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 19 16:49:05 CET 2007 - rguenther@suse.de
|
||||
|
||||
- merge suse-build-key keyring to roots gpg pubring
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 29 17:20:45 CEST 2006 - ro@suse.de
|
||||
|
||||
- added new official provo dsa autobuild key ID 7E2E3B05
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 19 14:02:59 CEST 2006 - ro@suse.de
|
||||
|
||||
- removed unused provo autobuild key
|
||||
- added new official provo autobuild key ID A1912208
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 20 12:47:18 CEST 2006 - ro@suse.de
|
||||
|
||||
- add dumpsigs script here to have _one_ place for the script
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 31 16:53:02 CEST 2006 - ro@suse.de
|
||||
|
||||
- added build@suse.de rsa key ID 307E3D54
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 25 21:47:54 CET 2006 - mls@suse.de
|
||||
|
||||
- converted neededforbuild to BuildRequires
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 18 17:47:07 CEST 2005 - ro@suse.de
|
||||
|
||||
- use correct provo autobuild key
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 18 12:28:04 CEST 2005 - ro@suse.de
|
||||
|
||||
- added provo autobuild signing key (#128128)
|
||||
- removed jds key
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 27 14:47:30 CEST 2005 - mls@suse.de
|
||||
|
||||
- added mktemp to PreReqs [#86177]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 28 11:45:36 CEST 2005 - ro@suse.de
|
||||
|
||||
- added JDS public key (15c17deb)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 25 18:10:26 CET 2005 - ro@suse.de
|
||||
|
||||
- added OES public key (0dfb3188)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 22 12:28:07 CEST 2004 - ro@suse.de
|
||||
|
||||
- updated build key (expiration changed to 2008-06-21) (#42326)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 24 12:19:49 CET 2004 - hmacht@suse.de
|
||||
|
||||
- building as non-root
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 9 18:51:02 CEST 2003 - ro@suse.de
|
||||
|
||||
- ignore return code from first gpg calls
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 9 18:23:07 MEST 2003 - draht@suse.de
|
||||
|
||||
- call gpg twice without any arguments for proper initialization
|
||||
inside postinstall
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 9 17:43:55 MEST 2003 - draht@suse.de
|
||||
|
||||
- use temp file instead of pipe due to resource race between two
|
||||
instances of gpg in %post.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 5 04:56:32 CEST 2002 - draht@suse.de
|
||||
|
||||
- package now installs key from package-owned file into the rpm
|
||||
pubring in %post to allow other key packages to add their keys.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 20 10:46:52 CEST 2002 - mmj@suse.de
|
||||
|
||||
- Correct PreReq
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 26 09:50:14 CEST 2002 - kukuk@suse.de
|
||||
|
||||
- Change Provides from suse-build-key to build-key
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 21 00:10:52 MET 2002 - draht@suse.de
|
||||
|
||||
- directory permission problem: 644 -> 755.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 18 12:16:34 CET 2002 - ro@suse.de
|
||||
|
||||
- moved to /usr/lib/rpm/gnupg/pubring.pgp
|
||||
rpm needs a directory as gpg_path and will use pubring.gpg
|
||||
in that directory
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 13 20:45:46 MET 2002 - draht@suse.de
|
||||
|
||||
- initial package. Contains
|
||||
- pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
|
||||
|
||||
- pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
|
||||
- sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]
|
||||
|
||||
|
3
openSUSE-build-key.gpg
Normal file
3
openSUSE-build-key.gpg
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:b831e5ca64b65e83c06d7ec87cc8c224eb8af166f30a0adbc6c4ce682d735422
|
||||
size 6277
|
179
openSUSE-build-key.spec
Normal file
179
openSUSE-build-key.spec
Normal file
@ -0,0 +1,179 @@
|
||||
#
|
||||
# spec file for package suse-build-key (Version 1.0)
|
||||
#
|
||||
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# This file and all modifications and additions to the pristine
|
||||
# package are under the same license as the package itself.
|
||||
#
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
# norootforbuild
|
||||
|
||||
|
||||
Name: openSUSE-build-key
|
||||
BuildRequires: gpg
|
||||
License: GPL v2 or later
|
||||
Group: System/Packages
|
||||
Provides: build-key
|
||||
Conflicts: suse-build-key
|
||||
Requires: gpg
|
||||
AutoReqProv: off
|
||||
Summary: The public gpg key for rpm package signature verification
|
||||
Version: 1.0
|
||||
Release: 852
|
||||
Source0: openSUSE-build-key.gpg
|
||||
Source1: dumpsigs
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
BuildArch: noarch
|
||||
%define pubring usr/lib/rpm/gnupg/pubring.gpg
|
||||
%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
|
||||
PreReq: sh-utils gpg fileutils mktemp
|
||||
|
||||
%description
|
||||
This package contains the gpg key that is used to sign official SuSE
|
||||
rpm packages. It will be installed as a keyring in
|
||||
/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their
|
||||
own keys to verify against should use the following commandline command
|
||||
to add the key to the keyring as used by RPM:
|
||||
|
||||
gpg --no-options --no-default-keyring \ --keyring
|
||||
/usr/lib/rpm/gnupg/pubring.gpg --import
|
||||
|
||||
|
||||
|
||||
%prep
|
||||
rm -f foobarnosuchfileordirectory
|
||||
#%setup
|
||||
|
||||
%build
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
|
||||
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||
touch $RPM_BUILD_ROOT/%{pubring}
|
||||
touch $RPM_BUILD_ROOT/%{pubring}~
|
||||
|
||||
%files
|
||||
%defattr(644,root,root)
|
||||
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
|
||||
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
|
||||
%config /%{susering}
|
||||
%ghost /%{pubring}
|
||||
%ghost /%{pubring}~
|
||||
|
||||
%post
|
||||
if [ ! -f %{pubring} ]; then
|
||||
touch %{pubring}
|
||||
fi
|
||||
echo -n "importing SuSE build key to rpm keyring... "
|
||||
TF=`mktemp /tmp/gpg.XXXXXX`
|
||||
if [ -z "$TF" ]; then
|
||||
echo "suse-build-key::post: cannot make temporary file. Fatal error."
|
||||
exit 20
|
||||
fi
|
||||
if [ -z "$HOME" ]; then
|
||||
HOME=/root
|
||||
fi
|
||||
if [ ! -d "$HOME" ]; then
|
||||
mkdir "$HOME"
|
||||
fi
|
||||
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
|
||||
# no kidding... gpg won't initialize correctly without being called twice.
|
||||
gpg < /dev/null > /dev/null 2>&1 || true
|
||||
gpg < /dev/null > /dev/null 2>&1 || true
|
||||
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
|
||||
--keyring %{susering} --export -a > $TF
|
||||
a="$?"
|
||||
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
|
||||
--keyring %{pubring} --import < $TF
|
||||
b="$?"
|
||||
rm -f "$TF"
|
||||
if [ "$a" = 0 -a "$b" = 0 ]; then
|
||||
echo "done."
|
||||
else
|
||||
echo "importing the key from the file %{susering}"
|
||||
echo "returned an error. This should not happen. It may not be possible"
|
||||
echo "to properly verify the authenticity of rpm packages from SuSE sources."
|
||||
echo "The keyring containing the SuSE rpm package signing key can be found"
|
||||
echo "in the root directory of the first CD (DVD) of your SuSE product."
|
||||
exit -1
|
||||
fi
|
||||
### import suse package build key to roots gpg keyring
|
||||
if test -f root/.gnupg/pubring.gpg ; then
|
||||
chroot . usr/bin/gpg --export --armor --no-default-keyring \
|
||||
--keyring %{susering} build@suse.de \
|
||||
| chroot . usr/bin/gpg --import || true
|
||||
if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
|
||||
echo "gpg import for build@suse.de failed, please import manually" >&2
|
||||
fi
|
||||
else
|
||||
cp %{susering} root/.gnupg/pubring.gpg
|
||||
fi
|
||||
chmod 600 root/.gnupg/pubring.gpg
|
||||
|
||||
%changelog
|
||||
* Mon Jun 02 2008 ro@suse.de
|
||||
- update keys again: for collaboration with rpm, the current
|
||||
self-signature needs to be the first signature found in a key
|
||||
* Mon May 05 2008 ro@suse.de
|
||||
- updated keys
|
||||
9C800ACA,8495160C,307E3D54: extend expiration by 2 years
|
||||
until 2010-05-05
|
||||
7E2E3B05: extend expiration by 2 years until 2010-05-24
|
||||
* Mon Mar 19 2007 rguenther@suse.de
|
||||
- merge suse-build-key keyring to roots gpg pubring
|
||||
* Mon May 29 2006 ro@suse.de
|
||||
- added new official provo dsa autobuild key ID 7E2E3B05
|
||||
* Fri May 19 2006 ro@suse.de
|
||||
- removed unused provo autobuild key
|
||||
- added new official provo autobuild key ID A1912208
|
||||
* Thu Apr 20 2006 ro@suse.de
|
||||
- add dumpsigs script here to have _one_ place for the script
|
||||
* Fri Mar 31 2006 ro@suse.de
|
||||
- added build@suse.de rsa key ID 307E3D54
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Tue Oct 18 2005 ro@suse.de
|
||||
- use correct provo autobuild key
|
||||
* Tue Oct 18 2005 ro@suse.de
|
||||
- added provo autobuild signing key (#128128)
|
||||
- removed jds key
|
||||
* Fri May 27 2005 mls@suse.de
|
||||
- added mktemp to PreReqs [#86177]
|
||||
* Thu Apr 28 2005 ro@suse.de
|
||||
- added JDS public key (15c17deb)
|
||||
* Tue Jan 25 2005 ro@suse.de
|
||||
- added OES public key (0dfb3188)
|
||||
* Tue Jun 22 2004 ro@suse.de
|
||||
- updated build key (expiration changed to 2008-06-21) (#42326)
|
||||
* Tue Feb 24 2004 hmacht@suse.de
|
||||
- building as non-root
|
||||
* Tue Sep 09 2003 ro@suse.de
|
||||
- ignore return code from first gpg calls
|
||||
* Tue Sep 09 2003 draht@suse.de
|
||||
- call gpg twice without any arguments for proper initialization
|
||||
inside postinstall
|
||||
* Tue Sep 09 2003 draht@suse.de
|
||||
- use temp file instead of pipe due to resource race between two
|
||||
instances of gpg in %%post.
|
||||
* Thu Sep 05 2002 draht@suse.de
|
||||
- package now installs key from package-owned file into the rpm
|
||||
pubring in %%post to allow other key packages to add their keys.
|
||||
* Tue Aug 20 2002 mmj@suse.de
|
||||
- Correct PreReq
|
||||
* Fri Jul 26 2002 kukuk@suse.de
|
||||
- Change Provides from suse-build-key to build-key
|
||||
* Thu Feb 21 2002 draht@suse.de
|
||||
- directory permission problem: 644 -> 755.
|
||||
* Mon Feb 18 2002 ro@suse.de
|
||||
- moved to /usr/lib/rpm/gnupg/pubring.pgp
|
||||
rpm needs a directory as gpg_path and will use pubring.gpg
|
||||
in that directory
|
||||
* Wed Feb 13 2002 draht@suse.de
|
||||
- initial package. Contains
|
||||
- pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
|
||||
- pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
|
||||
- sub 2048g/8495160C 2000-10-19 [expires: 2006-02-12]
|
Loading…
Reference in New Issue
Block a user