From e2f397cd044fe7cfbccc8b14a6fff5b51bfd98d4655a9dd484751314ab284422 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Thu, 9 Jan 2014 13:49:26 +0000
Subject: [PATCH] Accepting request 213302 from
 home:msmeissn:branches:Base:System

- Merged over logic from openSUSE-build-key.
- Got rid of default importing into roots keyring.
- Removed some old keys.
- Clarify that security@suse.de is a email only key
- PTF key is supplied also as %doc, to not be default
  imported.
- Keys currently inside:
  - pub  2048R/39DB7C82 SuSE Package Signing Key <build@suse.de>
  - pub  2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
  - pub  1024D/B37B98A9 SUSE PTF Signing Key <support@suse.com>
  - pub  2048R/3D25D3D9 SuSE Security Team <security@suse.de>

OBS-URL: https://build.opensuse.org/request/show/213302
OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=9
---
 gpg-pubkey-39db7c82-510a966b.asc |  21 +++++
 gpg-pubkey-50a3dd1c-50f35137.asc |  21 +++++
 security_at_suse_de.asc          |  28 +++++++
 suse-build-key.changes           |  15 ++++
 suse-build-key.gpg               | Bin 4945 -> 0 bytes
 suse-build-key.spec              | 128 +++++++++++--------------------
 suse_ptf_key.asc                 |  26 +++++++
 7 files changed, 154 insertions(+), 85 deletions(-)
 create mode 100644 gpg-pubkey-39db7c82-510a966b.asc
 create mode 100644 gpg-pubkey-50a3dd1c-50f35137.asc
 create mode 100644 security_at_suse_de.asc
 delete mode 100644 suse-build-key.gpg
 create mode 100644 suse_ptf_key.asc

diff --git a/gpg-pubkey-39db7c82-510a966b.asc b/gpg-pubkey-39db7c82-510a966b.asc
new file mode 100644
index 0000000..4f30022
--- /dev/null
+++ b/gpg-pubkey-39db7c82-510a966b.asc
@@ -0,0 +1,21 @@
+70AF9E8139DB7C82 SuSE Package Signing Key <build@suse.de>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp
+YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY
+91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma
+hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9
+vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8
+L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT
+aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYFAlEKlmsCGwMFCQeE
+zgAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBwr56BOdt8gomGCAC13Pi60I6O
+8GJ03BQrmVyyJrDcwJxxqw0HmIENf3rDLMYTBuduM3mNm5Fy2Gl2IuWD9mHvckQs
+0xa+A7mAwHXhIXWFCrZWyRH16w93BzjjLGiMMKimE8mg4XcaRL1FJhxGqq7FpLga
+XpQofkw0yFcavuubETpDR3w4qiRVsNKq4RM00pMCpTpJDWamFJm/oOUmBE45Q071
+v9C4oQHPsBNK/yMtlRssel815Xx4lbJIpKAg4BRtyBHWCzH/gVRGhYA8xDs/DEvu
+Z9mswBdniP+K1XSkr+NtxFvtkAy/C2Q2qk3sqpCMOt3MDGTyBgqIoplE/4XRCis9
+d7b1v1zv4/hN
+=sQXd
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/gpg-pubkey-50a3dd1c-50f35137.asc b/gpg-pubkey-50a3dd1c-50f35137.asc
new file mode 100644
index 0000000..2aa6c01
--- /dev/null
+++ b/gpg-pubkey-50a3dd1c-50f35137.asc
@@ -0,0 +1,21 @@
+5EAF444450A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+mQENBFDzUTcBCADQ3p9ch1aR6cBqL+O7UNO+zFNTI5WxLf4tegWP8uuxK5tJTgXO
+tjnwWmWIaijO6yfCtlBu8hD2Zp9sMenDY42yM5/uII0RpszqzqwwK5onnjGcSkWZ
+8jAAn+mtLIJvCLCwTqwEM4mTdTZROtCnttHXZr4GFrqpeAh+SKEWIoMF66N1FSb6
+S0evzYw3ryjbFY0pial9/hqqnsTWCNHzE1Up7qdNIPxDV8UGyUzm70/xMMjJSIkB
+aGpRdhILfZgyH6Ajhm7VCPPzW/BO30RSjHDnyo3hR39jE+KxvdgqTz+AthK5z+p2
+mwQ+ohTAo4dGb0lyZYFpXD7ucEl9w1ygzUe/ABEBAAG0NlN1U0UgUGFja2FnZSBT
+aWduaW5nIEtleSAocmVzZXJ2ZSBrZXkpIDxidWlsZEBzdXNlLmRlPokBPAQTAQIA
+JgUCUPNRNwIbAwUJB4TOAAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEF6vRERQ
+o90cr+kH/RwB21ma7cQvZ1lHvgcOTuM7Ttqq6x7uuFFDXCIdmbDHv1ocQI5Z3VCb
+/7w+J8ZcBwNcr7i9Qsayu7umCILEOO8pNn/SlJVz6Kr6j6L8oAC3XHbXYrHacwMR
+y9jQPCDqP7WZduRgEW2VWnIoNp6p/DAj724EmfLzURwLG1QKiLnOLtpygzyquk3S
+gPGqgro+hCWX/VWgtBEKd33mgvwCBGjIe86VMvLCgtggyoBWDXYvsQMBO62fnk5w
+Btwum/m8VPhWhcrbUK60ZsHbdwfmsBOKxewf2vIuKUcqJnIYCfsuBgx9xUxiNlGR
+BVJIlG17h0jlRbEuuRez2397vU8Zw08=
+=SfX3
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/security_at_suse_de.asc b/security_at_suse_de.asc
new file mode 100644
index 0000000..5dbc65d
--- /dev/null
+++ b/security_at_suse_de.asc
@@ -0,0 +1,28 @@
+77B2E6003D25D3D9 SuSE Security Team <security@suse.de>
+
+The block below contains the public key of the SUSE Security team.
+It's used to sign security advisories and other imporant
+announcents concerning the distribution. To be able to verify
+signatures made with that key you need to import this file into your
+keyring using the following command:
+
+gpg --import security_at_suse_de.asc
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.16 (GNU/Linux)
+
+mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
+BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
+JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
+1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
+P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
+cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
+VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
+WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
+hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
+BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
+AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
+RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
+zinsSx2OrWgvSiLEXXYK
+=m7kg
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/suse-build-key.changes b/suse-build-key.changes
index b38c86d..4b4f5c6 100644
--- a/suse-build-key.changes
+++ b/suse-build-key.changes
@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Thu Jan  9 12:29:53 UTC 2014 - meissner@suse.com
+
+- Merged over logic from openSUSE-build-key.
+- Got rid of default importing into roots keyring.
+- Removed some old keys.
+- Clarify that security@suse.de is a email only key
+- PTF key is supplied also as %doc, to not be default
+  imported.
+- Keys currently inside:
+  - pub  2048R/39DB7C82 SuSE Package Signing Key <build@suse.de>
+  - pub  2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
+  - pub  1024D/B37B98A9 SUSE PTF Signing Key <support@suse.com>
+  - pub  2048R/3D25D3D9 SuSE Security Team <security@suse.de>
+
 -------------------------------------------------------------------
 Thu Jan 31 17:11:08 CET 2013 - ro@suse.de
 
diff --git a/suse-build-key.gpg b/suse-build-key.gpg
deleted file mode 100644
index d152795a49cd4726b6ffa9bae94ecd17df98b8add1bba7612e1b9b8446567590..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 4945
zcmb7|WmJ`Iw}p4IN$J{vbazOJl%#ZbcO$jwPD!O334txrf`l|mH;8lyf=Ea=2j1^H
z-+9j&<J8aR&pn=du4~P;=A97>k)on70zv?7Llp!^R~{kyN$<XwHuM+#(m~Wo4DvG=
z{EC^-iu__Pu^*J6XwJ-yW00S0XmX39i5IiEmy7qbF#h&L1*IRSpw58uicVFx>&UuT
z-@bJ`3fuKO+RA6%-rTrd!(0!o9pIIhyGy<yqZ{LqKi%;4TcS<=ZxN2&ZDlQ123uk$
z019(GlZK~;G?l8Eg@c)m6_tjajkBGz4V8kG50!|yr=6pvxVxvj6^EsjX!IutJ`e<;
z0g-_r7%(shOb7yli9kTmV<3n)7z$EYfm=b*u%!l30qAHr>m}W$T!GIt!*{?pq;z=r
z(HN6Tc8ky-yR0}lF4YOc*?SQ=6ZQw64rTLOcYmp(c{AG*_K+^&x(SXbZ)4cL+`-Vi
zi;7&MWjy`qsrR^zi7}x<opo4Mzj*@9J5<@%jyw6u29a<dt48#u{i>k@!hp2fBsy<l
zciap8d9dtCB3Iq4@>MD|0T3kcrWynQX9BUn{HyE`004*zD4;V$)TdfX7&hB1_bF1c
z3lK{Rz8KnkI|{cgbci^2<IxC4dH*Bju;=@oW<>(A`$&Co;Efe77YMvNk<om?Y|N)V
z>^d&qygI}VPN*q@+Rq%(Q<|^2Yy=@c&(Gir@43SgSs`eK0YYt5L~HSHDe{o6aE9}r
zKryuIW&#W+hzIo)GO+4=)al0B6k{V^_AATIeAu8DPB`yfPGsr!MMKj~vAl`+ZjKbZ
zl}+Dd#w10o20c!%M7S!l?yUE0bWzN8Igc)PziUji(xtRV;n4T4$hIXx9B0|*Q;^{!
zs7>I@EY6CO*;Mb>=fqdpwszKu?bVp8h}uoSGy2Kz04Q!f{a<z0u(I%Uv-9ww(zG&j
zq7rfc=jXqQ9s?u<Lvikfll`Gv8&xwPA`JxUJc8XB^m)<7n%u4;_~B&VSS8fy7BS(l
z^bqH#gE)hGXs_2SOcT@}sd`zA{bAOAl2^Ru_Yu;_IfuPHU@@h8XF?Y1{K7|*PIw0H
z^fQV{9Amc9<EC;toMgEs8&;&E_0HV1zsDt<gm9p0V{~T@RozHxHo5TwqBw2aG@<xK
z;Rv~>TfxAS%-^&(I^XoAU3cU68iie`IvF)@U8^Fd<n;5WI~%X4t7xp-l^N4GB#poj
zXO;}p?#e@k-~;IE5ce+qGB-FeA-3CigrrXV^IXbEb8`B*0;40%YddfAaEU}3l<FmH
zDny4*QF)>^T3}9AG>QZX30Xx<8Gi`}vRml;JyL*wX#@FpU4cL+LD(&`Zou-)G2;?P
z`vr4Yoa0oBSsJ`DqGo|<j!<!)xfwNdsR(=EIDHiXtg`4D@3mBj40x7kj&^+ebvo{>
zOyFb;da2WZ%I0SnUVP%&zk)6`m>~#SYk3k4pkKTZIqi{wmVOa2ubSnfr8xFvKX!7u
z!QLHyrYu`D)qVYV3e#X#C5h;<(GVHBfP<!)@<>G>=&B!U>eAsCk5o@@+C}D(C*fuW
z(*Scp0%0kymbas-ZrtUrZa;-#N{Ugv@AJAf>D166OZU!(8e}G-qH0!=#Z0gj!bQ;n
zOI&t)FEN6SDa?=welFy%&-632Kq}f}g!#7uMZyPL&KER2MqcO-?G`Nq!NCOqP@tfv
zkIlLt3?WZ^9S4B^zF1ikP>_H#bmta#No`S=LR^dRF3=dsZ35)+qd2G|d|k3Ljk2N{
zb&Vz~;en)o=?qA{XHcN=X%|tF!0pKO8$uuucmck98Mz^cmS{o{5%YEiwoaqEAOb`3
zLTc+Jx^ccoVeD*JVQ)`Z-qfF`HRPVZO7PA`zjdq|J~R&bVXpMLri!viG-Gf4;L~}I
z+hr*g=fW}Tk!LL%0&Y^v&Z2v^Z*o4!lllwkzU~nzRf%cWwKZ3#cQa|6*yJk0>W<c_
z+f`2U@NfTdPhq%Z@xwj8sv~)-m(PM({Q&v;9#fdkrcYuR$eqbd+bJdb>iQl5@@-O!
zE^ZfcUrAdgL?&U@x^vf`c0Qby2`q#N?Hz~ULIBBs;xDco_E$PnS!jB=wgX6~lD9gF
z&DaldN-MpmbFRdWS<aSM(%Dh^*w$MtvS^;w8a;k2)EL6&UlFUrwNybT4Kv^xy@<yq
zINjnotQphVxW=O3UG1%G2@NLIZhR|#8H3wTN0Y`Hy_w;PlwJxn5sy^FJ%W=<&`S~%
zbF~8sQgt3l>PEHn9Y_QJq~h{5DB_66gRfv?9i=Ye!d5+QKDoD3e?|}SuNK>qeN&9s
zGxP@x35m}u_tqG9tTj0k@1F36VkJ!P_!g`&%-x)j3HN@$dzlrjyeYXtUqfFdGvF$P
z9TYaVsC9EkKha;&^a?6y+~<-g_gcW95r7}5ZTF{!8mHQrv}lo!ks%<jxuS%EEE^Ym
zXWNE&@}@qC*rlS3GN`Ck==K9LmhC`@?&q7Q5^CzD>pW9Jw^`meOgcr1sO$rYGno_z
zqI}ODho7dBWYF4aNQa+)`YPK3m0WBCmx10Dv0wdA!|m{4<u-f;$)<1bVRwX9|G<(2
zDm=FJ6+JU#FwGNN%gazJvv+jawP7;oz5IX7OLGYReGB{#^O7_Zibm>rMDl=5neyCL
zPB8j_$qPXKi#~QwL&4BAGNfRB(j@KR51V#7K%N+mgO&}UE$Wx|v6IPQx@a+J&8~-5
zYXV_CVDknC6%hV<OlfP#WW(VXmK`}ad2^TV;xRwkA8GuI@Y5LB@!pgs)0=>HNu3~y
z%+*B^YDnA@BIK$rp5OYSIf!Tcbba2_+#!GEX=6WL(rLtE{$(<wki*xxx&-RRjKD2-
z;7Euh7kYy&?wFLOQt2e`boQ1J0(D03NqRT(<#VyZlX<M81>;^qAKuA&#|033k+z9h
zx_32QIZyksLgrwFS6{37_WWnF2!OGST^WgF!fc9hiY)=7Y0A(~rw$%;70G$@>^ZUS
z>D&+>Dt!{Vh}VzHr5dwyl>FFjIQGqXE<f|0r{_4H*FH-6o)}r4Ukf_Yjwi5f@t?r2
zb`NvGq>TlDQDAqbSJMa~@`II@k(nG^)2w{V5|(R8kBUi5>@a_+W<43aD5g|~Q+HYR
zCbm3n*AMl{yl=KKPK0ZTW5u>T96#E=m$$BFBv4=q%uGn^wSCVP5t@GpumqMGwPhlT
zcd0UE$dLA`%Q!vex{|((=?ckoZ~Jj(`c8YJB);L-<C8B(GgZ8lEK)UW%UqbMQTSkY
zm3fKswGc~E;EddoncJ19iAps}2tJ%pWoKsR@THS+3*C{dR^D+q+qd_lsH{{GQSpA<
zNzL}^a(Poc#&jIk)H?iQH)ct1sdYwL45dIJ`{@;#wpx73Z&>4@1w3r1*Et>e49fQC
zPU|-n+Vsp$v?7G$o;%Ekjg0j3Uxcy#ov<&D0eL)peywR4W6^k*r%KcO?PgA3hEYJi
zTP;x84`q1-XF4qZRGmOR1b*88K-hyZNrqw*-y2h_p}5$W5J%$DXX2iGwpjfTI?zIf
zo!3pE1-~*m{~Ha#r0;L8zu7x&hEeUk<%`WYz7oN>lbVW+X#I%1-mWt3#XZu86f3ix
zQ(ABuu{B9H?R{I_;-Vtrl02_7H>odi9)GFUB+AI=X?`TB*Gs-hYzE}Ga^Djkrw|*y
zOA;go6rBHg(n%4IG3xwv!{kf2zXl)2Iuv|oEm5oP#vUSEnF=*UJeK>gBCIh%qguMK
zNw3K-0779a54i|_9@Ps&zQQO@-Z2TH?yJh77#75@IE&r8OMVBHZ6a{)uHHC}{wT&m
zbbUQ6%B!C00b+kaZgIwrF1&Q%Xc6-pELxtS72Zm{8)n(l%NWPMXI&S-qZ`t_k>$t&
zz6298q<fNjxDBMmmh8uWL}RA6!Wu<w-j<jOSKwFizQQYeG}iDH?mr|g(F1?yBwEg^
zCvaZkPSUm|=i~ippiWq3+`kN+^EN9ya}Z#z;(sRX9T%B(5=OS@qo~5fy@U4t2+uzH
zrAJ=wAR2Z2VgOpBQ=L+UYt%$bP968luIze74XuYoUQ^~jFY)f4uC6X_9{<?rEL@yK
zqyJZ5g2SO`IBVa*57an%jJVhNWt2w?1M+2HOOJ{P(?_5~;tF8OM%_w1%?m(55+Rn6
zAFZqLrKmUcoyUFYy-yH-`4SN8ff`br`*8+dX*Jrps#8LO++v)$ep080?#Zr{=bk}3
zRNfN^o`|kk%G3Yy@KlrynXQ;5+JXovn`wnlez0q*B4{iR-XQn5E(-PGIg`uQ;qGTF
z%s&sHS<X4~xM?8+RAcRuS>t3*OL)!w=3KW>Mw`p!`e@U8lHql|3$eW@)E0s#xdXuW
zh)CV}_mOlwQxjIwht;NyH?kJl>IS$bDrMVQCLjZd4p`dpo>$<>Tbf_ynpMsS%MrxC
z$J#Uq{q((Vsk6L~c|7OTbocvD9M+T$`L0XN3hd7m7_6_;8NQGvI0ZG`Qs~0A22-vR
zin8O{EA6k0q)O4Wnkyr6Fuh?3NZL764f?<LC7j_eg|Ysw@S-{(U)}no7-dB;cdj>W
z>DZ$h*xva?4N!nwV}*oK_WqVS#w$%k2p#yS3ak91FR>u1M`{B1iDqmm-!Mx1^>&9n
z=X#6kWZRI225o8$`z^aKH1Tk!hBaGW89LG+bf9k)ZO=5a!`RiJ>U@ZEYMt-Mz1?jQ
zU(1`nM-`9zZs^xY1s7`;V;*<T3+c>5E<pbF2ewcb)aq*G3J7mZvM0Zq@K|ZX_&4h|
z6r$#GZ`44!w?s5y(48VrLWWBP*{b0<fhwkX!g%JG@_<`7GOuR_b^Hili+Qh9iR${f
zPA^Ko;^w}}AFjTBxfr0Wy_y#uMnDD+WdUuZ^EB$wk->rTvXpw9>(7DsRoNg5{I#0T
zvn(oN!3}s#qrbeeA)<u@9Ys+xF7j?xA$EqMd#>^U-G&9jvh4s|AOKj;|KDa=CO0d0
zD>pAIDhDec=Kq>(V}K%mMOy|a=t0i=fD1)~g^vJGFwju%gD!*+gbIcbfx!Qax(`J&
zu9A{cEm|b6+J@bb1LyU!c6&H&^kmy$kCfM+D$gNz9`Aipdu~WWky-t<U7uV$L2pqt
z`>s`#@rxl0Y*_W_v*efBmX>#@p*@28%=|$UDXH#T$jijS>jFTdq1QL_nmKnc?%?d0
z2-PpKkC|RSOmUr3_1&2G^UANeX!o5VnTJPe<QQa{=+R9h9CL1ABFJW?iQqrT&}Pwa
z`t%#Ef_hwZM8Ia~H3(wc=QondbJ!I+OEnOzjpfBz0|q|*ke{dQin73webK6Ut{pKj
zuUc7e-8qkdZC2yI>itbQcgVpk%fjGBf_BA$f*H`OXwI+p8mcar;^Y@4w;^4_(L`J~
zALRF0g|z!$D5{~SIozW-Uy^3vMAc-?8P!7<G~mUiLnuTyX)e#8@3<tx1AAs8_tMAT
z&di~=K;=ANCE75S`N;cKJMr<BLTmhfw{b2#Pr>(=kA*6p-#~hgp3!QpmctZ<NzOE5
z?2^huB>h-5i3JaUPwJ(r!C2FkJ3Vl&xY<q(resEIj?WN<dYczB65KU<S&@uyZ!ql&
zL^2RLV)lxSqfSc|ED*$cqCa{##gdbFWHZ|@Hir+La@6!owk3?U0j)x1BnM0i?+bU?
zUvC78ogWS#^fx4}I1mY1b1n{=$iF9{<*uGb55BFlYd{y5x#m=AmG|5DEl~#EaNW>B
zbcAH{ejW|@g!RFD`5!3$pPyC!2H%5#{}=dNtMWpG=KVusB2fV!7tWi<5)ux~Jr)R9
zGYxAQsuwzPUcSeIWrSb_`F68?!AJS&%<B`M{n~BT&WmOv?9^=EO^R)js14i{+~K)O
z?HPgIpxuvqvV)C)39hr*#&MOs!|yLxMZl##OEZwmAS-)|Kf#Stm;x2~`gGuJJK4Cx
z&t?4uk#t(s6UbG3zKLW|iLgAD^*e&h_JR!th_cXg<&*ZYPj7*v)%Y*&XxUTA*nCZ%
zZ1{Vp*2)zZP^}O+_2JH7aNmV!%0vW<^gI>ARM@lmUeQ5p6Mgq;+M~E?-Koc5Hwm*H
r!;&AV^c$HJC%ia>X?ci(9$lCzbr&&?&iV||aMEtLzkaUt;Di4Lr*X2^

diff --git a/suse-build-key.spec b/suse-build-key.spec
index db81a69..390405d 100644
--- a/suse-build-key.spec
+++ b/suse-build-key.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package suse-build-key
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,106 +24,64 @@ AutoReqProv:    off
 Summary:        The public gpg key for rpm package signature verification
 License:        GPL-2.0+
 Group:          System/Packages
-Version:        1.0
-Release:        907.<RELEASE42>
-Source0:        suse-build-key.gpg
-Source1:        dumpsigs
+Version:        12.0
+Release:        0
+# pub  2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
+# The main package signing key.
+Source0:        gpg-pubkey-39db7c82-510a966b.asc
+# pub  2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
+# Fallback key if main key gets lost.
+Source1:        gpg-pubkey-50a3dd1c-50f35137.asc
+
+# pub  1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
+# SUSE supplied PTF (program temporary fixes) are signed by this key.
+# supplied to be not imported by default
+Source98:       suse_ptf_key.asc
+
+# pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
+# security@suse.de communication key.
+# Only used for E-Mail encryption and signing to/from security@suse.de.
+Source99:       security_at_suse_de.asc
+
+Source100:      dumpsigs
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
-%define pubring  usr/lib/rpm/gnupg/pubring.gpg
-%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
+%define keydir  %{_prefix}/lib/rpm/gnupg/keys
 PreReq:         sh-utils gpg fileutils mktemp
 
 %description
-This package contains the gpg key that is used to sign official SuSE
-rpm packages. It will be installed as a keyring in
-/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their
-own keys to verify against should use the following commandline command
-to add the key to the keyring as used by RPM:
-
-gpg --no-options --no-default-keyring \ --keyring
-/usr/lib/rpm/gnupg/pubring.gpg --import
+This package contains the gpg keys that are used to sign the
+SUSE rpm packages. The keys installed here are not actually
+used by anything. rpm/zypper use the keys in the rpm db instead.
 
 
 
 %prep
-rm -f foobarnosuchfileordirectory
-#%setup
+%setup -qcT
 
 %build
+cp %SOURCE98 .
+cp %SOURCE99 .
 
 %install
 rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
-install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
-install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
-mkdir keys
-cd keys
-$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
-cd ..
-cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
-
-touch $RPM_BUILD_ROOT/%{pubring}
-touch $RPM_BUILD_ROOT/%{pubring}~
+mkdir -p $RPM_BUILD_ROOT%{keydir}
+for i in %sources; do
+    case "$i" in
+        */gpg-pubkey-*.asc)
+        install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
+        ;;
+    esac
+done
+install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
 
 %files
 %defattr(644,root,root)
-%attr(755,root,root) %dir /usr/lib/rpm/gnupg
-%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
-/usr/lib/rpm/gnupg/keys
-%config /%{susering}
-%ghost /%{pubring}
-%ghost /%{pubring}~
-
-%post
-if [ ! -f %{pubring} ]; then
-    touch %{pubring}
-fi
-echo -n "importing SuSE build key to rpm keyring... "
-TF=`mktemp /tmp/gpg.XXXXXX`
-if [ -z "$TF" ]; then
-  echo "suse-build-key::post: cannot make temporary file. Fatal error."
-  exit 20
-fi
-if [ -z "$HOME" ]; then
-  HOME=/root
-  export HOME
-fi
-if [ ! -d "$HOME" ]; then
-  mkdir "$HOME"
-fi
-gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
-# no kidding... gpg won't initialize correctly without being called twice.
-gpg < /dev/null > /dev/null 2>&1 || true
-gpg < /dev/null > /dev/null 2>&1 || true
-gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
-         --keyring %{susering}    --export -a > $TF 
-a="$?"
-gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
-         --keyring %{pubring}   --import < $TF
-b="$?"
-rm -f "$TF"
-if [ "$a" = 0 -a "$b" = 0 ]; then
-    echo "done."
-else
-    echo "importing the key from the file %{susering}"
-    echo "returned an error. This should not happen. It may not be possible"
-    echo "to properly verify the authenticity of rpm packages from SuSE sources."
-    echo "The keyring containing the SuSE rpm package signing key can be found"
-    echo "in the root directory of the first CD (DVD) of your SuSE product."
-    exit -1
-fi
-### import suse package build key to roots gpg keyring
-if test -f root/.gnupg/pubring.gpg ; then
-   chroot . usr/bin/gpg --export --armor --no-default-keyring \
-                   --keyring %{susering} build@suse.de \
-        | chroot . usr/bin/gpg --import || true
-   if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
-      echo "gpg import for build@suse.de failed, please import manually" >&2
-   fi
-else
-   cp %{susering} root/.gnupg/pubring.gpg
-fi
-chmod 600 root/.gnupg/pubring.gpg
+%doc security_at_suse_de.asc suse_ptf_key.asc
+%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
+%attr(755,root,root) %dir %{keydir}
+%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
+%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
+%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
 
 %changelog
diff --git a/suse_ptf_key.asc b/suse_ptf_key.asc
new file mode 100644
index 0000000..4ab0e50
--- /dev/null
+++ b/suse_ptf_key.asc
@@ -0,0 +1,26 @@
+6C74CE73B37B98A9 SUSE PTF Signing Key <support@suse.com>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+mQGiBEKCDxcRBAC8XEA/xoFsF6c9QHU0aA3JBCQC3Jhpdv1+YzZOHDaSUziQ2ZL8
+12pt5oMg7qE0i5j0+zwL/0TUi4W8tar86a9gxRHzWgSkTiz4H2MvXSy5Qrnu1+Ho
+MCAWMEL4s2JftKVu0XFRuT4nNHVi80JZxRzmF2EBLvtz7jrRHT/N/5A4FwCg+PE1
+wR2NC89ux+VfxoR8UzQu4wUD/2ZBslJyLYE6rpUFYHceSK3gOlPSIlCn3OYlVDY3
+AgYsqYH5gEOHxQeqigukk+tffyHIr5wdzTgTrPeL7v+TpgVHuRRuw7Dl9oi1PyoW
+/PzNPjNSlXQCLUocY/ctCjre+WxjiewDPqmYVYS8Ie2DZMTFJ4w27mazfTJYgcPl
+mmwqA/oDFSaXdRl0csqWi6XvjbUJKSVlDc8IuulB1IRLNk94+xKoDtC2xxp8zEVB
+xBqmbT6pM1k3+KVzGL7oSHl4uMqzOkbRfKgKL/6ahJnLAGJPfPdFeIyGmvWDG915
+TE8oMesJq/MSaohxdJ6dywkhjd19Cbdts02scIfSu5yzMXHCm7QnU1VTRSBQVEYg
+U2lnbmluZyBLZXkgPHN1cHBvcnRAc3VzZS5jb20+iGIEExECACICGwMECwcDAgMV
+AgMDFgIBAh4BAheABQJL4BoaBQkQ4tkDAAoJEGx0znOze5ipiDoAn0YH3g6kFZfO
+BcxASwMft1iuWVT5AKCQFQ1deyNwXvo+eCH/dGpt5nj1d7kBDQRCgg8ZEAQAkwPg
+vF3r+7NNqgJyiW4w5yGXgu5H4Kmd9wXAT6sUOPU+4GRJJep0dUxHgdis2BboBDlO
+YVWE061pua8Ut6mA5Rx0/KOCeTL3SJtXMcknop/4fSLfnPN0/bsbALAN7RtmEJnV
+QXba7C/jY04J2p0wtWfF9Zh2/O0EaPmiVjkakHMAAwUD/0T/fMgYwD1ROk1aB7KW
+0bcro2hYfXCPTZtpZI6qfRbwKr8SQ6wSSWRi+p1hrtY6SBSNqw3mW4K42bPewanI
+KdGc9mDt2ecQK5TAScL6VKwPvR0LK5GXJsYZjm1/uf4dWAfoy5T8jqObjL+uavtd
+RKcJVbquhZwMeAeOqiPaCFMliEwEGBECAAwFAkvgGiYFCRDi2Q0ACgkQbHTOc7N7
+mKndUgCfUmb1pAbgOJ3axZbe9HSwAb/BxlEAoKriKwSDH8XsRPQSp493OfB5UDpP
+=GBuj
+-----END PGP PUBLIC KEY BLOCK-----