forked from pool/suse-build-key
Accepting request 213302 from home:msmeissn:branches:Base:System
- Merged over logic from openSUSE-build-key. - Got rid of default importing into roots keyring. - Removed some old keys. - Clarify that security@suse.de is a email only key - PTF key is supplied also as %doc, to not be default imported. - Keys currently inside: - pub 2048R/39DB7C82 SuSE Package Signing Key <build@suse.de> - pub 2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de> - pub 1024D/B37B98A9 SUSE PTF Signing Key <support@suse.com> - pub 2048R/3D25D3D9 SuSE Security Team <security@suse.de> OBS-URL: https://build.opensuse.org/request/show/213302 OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=9
This commit is contained in:
Git OBS Bridge
parent
5f8c0d355d
commit
e2f397cd04
21
gpg-pubkey-39db7c82-510a966b.asc
Normal file
21
gpg-pubkey-39db7c82-510a966b.asc
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
70AF9E8139DB7C82 SuSE Package Signing Key <build@suse.de>
|
||||||
|
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||||
|
|
||||||
|
mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp
|
||||||
|
YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY
|
||||||
|
91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma
|
||||||
|
hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9
|
||||||
|
vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8
|
||||||
|
L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT
|
||||||
|
aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYFAlEKlmsCGwMFCQeE
|
||||||
|
zgAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBwr56BOdt8gomGCAC13Pi60I6O
|
||||||
|
8GJ03BQrmVyyJrDcwJxxqw0HmIENf3rDLMYTBuduM3mNm5Fy2Gl2IuWD9mHvckQs
|
||||||
|
0xa+A7mAwHXhIXWFCrZWyRH16w93BzjjLGiMMKimE8mg4XcaRL1FJhxGqq7FpLga
|
||||||
|
XpQofkw0yFcavuubETpDR3w4qiRVsNKq4RM00pMCpTpJDWamFJm/oOUmBE45Q071
|
||||||
|
v9C4oQHPsBNK/yMtlRssel815Xx4lbJIpKAg4BRtyBHWCzH/gVRGhYA8xDs/DEvu
|
||||||
|
Z9mswBdniP+K1XSkr+NtxFvtkAy/C2Q2qk3sqpCMOt3MDGTyBgqIoplE/4XRCis9
|
||||||
|
d7b1v1zv4/hN
|
||||||
|
=sQXd
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
21
gpg-pubkey-50a3dd1c-50f35137.asc
Normal file
21
gpg-pubkey-50a3dd1c-50f35137.asc
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
5EAF444450A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
|
||||||
|
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||||
|
|
||||||
|
mQENBFDzUTcBCADQ3p9ch1aR6cBqL+O7UNO+zFNTI5WxLf4tegWP8uuxK5tJTgXO
|
||||||
|
tjnwWmWIaijO6yfCtlBu8hD2Zp9sMenDY42yM5/uII0RpszqzqwwK5onnjGcSkWZ
|
||||||
|
8jAAn+mtLIJvCLCwTqwEM4mTdTZROtCnttHXZr4GFrqpeAh+SKEWIoMF66N1FSb6
|
||||||
|
S0evzYw3ryjbFY0pial9/hqqnsTWCNHzE1Up7qdNIPxDV8UGyUzm70/xMMjJSIkB
|
||||||
|
aGpRdhILfZgyH6Ajhm7VCPPzW/BO30RSjHDnyo3hR39jE+KxvdgqTz+AthK5z+p2
|
||||||
|
mwQ+ohTAo4dGb0lyZYFpXD7ucEl9w1ygzUe/ABEBAAG0NlN1U0UgUGFja2FnZSBT
|
||||||
|
aWduaW5nIEtleSAocmVzZXJ2ZSBrZXkpIDxidWlsZEBzdXNlLmRlPokBPAQTAQIA
|
||||||
|
JgUCUPNRNwIbAwUJB4TOAAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEF6vRERQ
|
||||||
|
o90cr+kH/RwB21ma7cQvZ1lHvgcOTuM7Ttqq6x7uuFFDXCIdmbDHv1ocQI5Z3VCb
|
||||||
|
/7w+J8ZcBwNcr7i9Qsayu7umCILEOO8pNn/SlJVz6Kr6j6L8oAC3XHbXYrHacwMR
|
||||||
|
y9jQPCDqP7WZduRgEW2VWnIoNp6p/DAj724EmfLzURwLG1QKiLnOLtpygzyquk3S
|
||||||
|
gPGqgro+hCWX/VWgtBEKd33mgvwCBGjIe86VMvLCgtggyoBWDXYvsQMBO62fnk5w
|
||||||
|
Btwum/m8VPhWhcrbUK60ZsHbdwfmsBOKxewf2vIuKUcqJnIYCfsuBgx9xUxiNlGR
|
||||||
|
BVJIlG17h0jlRbEuuRez2397vU8Zw08=
|
||||||
|
=SfX3
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
28
security_at_suse_de.asc
Normal file
28
security_at_suse_de.asc
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
77B2E6003D25D3D9 SuSE Security Team <security@suse.de>
|
||||||
|
|
||||||
|
The block below contains the public key of the SUSE Security team.
|
||||||
|
It's used to sign security advisories and other imporant
|
||||||
|
announcents concerning the distribution. To be able to verify
|
||||||
|
signatures made with that key you need to import this file into your
|
||||||
|
keyring using the following command:
|
||||||
|
|
||||||
|
gpg --import security_at_suse_de.asc
|
||||||
|
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2.0.16 (GNU/Linux)
|
||||||
|
|
||||||
|
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
|
||||||
|
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
|
||||||
|
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
|
||||||
|
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
|
||||||
|
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
|
||||||
|
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
|
||||||
|
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
|
||||||
|
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
|
||||||
|
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
|
||||||
|
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
|
||||||
|
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
|
||||||
|
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
|
||||||
|
zinsSx2OrWgvSiLEXXYK
|
||||||
|
=m7kg
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
@ -1,3 +1,18 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 9 12:29:53 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- Merged over logic from openSUSE-build-key.
|
||||||
|
- Got rid of default importing into roots keyring.
|
||||||
|
- Removed some old keys.
|
||||||
|
- Clarify that security@suse.de is a email only key
|
||||||
|
- PTF key is supplied also as %doc, to not be default
|
||||||
|
imported.
|
||||||
|
- Keys currently inside:
|
||||||
|
- pub 2048R/39DB7C82 SuSE Package Signing Key <build@suse.de>
|
||||||
|
- pub 2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
|
||||||
|
- pub 1024D/B37B98A9 SUSE PTF Signing Key <support@suse.com>
|
||||||
|
- pub 2048R/3D25D3D9 SuSE Security Team <security@suse.de>
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 31 17:11:08 CET 2013 - ro@suse.de
|
Thu Jan 31 17:11:08 CET 2013 - ro@suse.de
|
||||||
|
|
||||||
|
|||||||
Binary file not shown.
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package suse-build-key
|
# spec file for package suse-build-key
|
||||||
#
|
#
|
||||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -24,106 +24,64 @@ AutoReqProv: off
|
|||||||
Summary: The public gpg key for rpm package signature verification
|
Summary: The public gpg key for rpm package signature verification
|
||||||
License: GPL-2.0+
|
License: GPL-2.0+
|
||||||
Group: System/Packages
|
Group: System/Packages
|
||||||
Version: 1.0
|
Version: 12.0
|
||||||
Release: 907.<RELEASE42>
|
Release: 0
|
||||||
Source0: suse-build-key.gpg
|
# pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
|
||||||
Source1: dumpsigs
|
# The main package signing key.
|
||||||
|
Source0: gpg-pubkey-39db7c82-510a966b.asc
|
||||||
|
# pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
|
||||||
|
# Fallback key if main key gets lost.
|
||||||
|
Source1: gpg-pubkey-50a3dd1c-50f35137.asc
|
||||||
|
|
||||||
|
# pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
|
||||||
|
# SUSE supplied PTF (program temporary fixes) are signed by this key.
|
||||||
|
# supplied to be not imported by default
|
||||||
|
Source98: suse_ptf_key.asc
|
||||||
|
|
||||||
|
# pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
|
||||||
|
# security@suse.de communication key.
|
||||||
|
# Only used for E-Mail encryption and signing to/from security@suse.de.
|
||||||
|
Source99: security_at_suse_de.asc
|
||||||
|
|
||||||
|
Source100: dumpsigs
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
%define pubring usr/lib/rpm/gnupg/pubring.gpg
|
%define keydir %{_prefix}/lib/rpm/gnupg/keys
|
||||||
%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
|
|
||||||
PreReq: sh-utils gpg fileutils mktemp
|
PreReq: sh-utils gpg fileutils mktemp
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This package contains the gpg key that is used to sign official SuSE
|
This package contains the gpg keys that are used to sign the
|
||||||
rpm packages. It will be installed as a keyring in
|
SUSE rpm packages. The keys installed here are not actually
|
||||||
/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their
|
used by anything. rpm/zypper use the keys in the rpm db instead.
|
||||||
own keys to verify against should use the following commandline command
|
|
||||||
to add the key to the keyring as used by RPM:
|
|
||||||
|
|
||||||
gpg --no-options --no-default-keyring \ --keyring
|
|
||||||
/usr/lib/rpm/gnupg/pubring.gpg --import
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
rm -f foobarnosuchfileordirectory
|
%setup -qcT
|
||||||
#%setup
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
cp %SOURCE98 .
|
||||||
|
cp %SOURCE99 .
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
mkdir -p $RPM_BUILD_ROOT%{keydir}
|
||||||
install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
|
for i in %sources; do
|
||||||
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
case "$i" in
|
||||||
mkdir keys
|
*/gpg-pubkey-*.asc)
|
||||||
cd keys
|
install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
|
||||||
$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
|
;;
|
||||||
cd ..
|
esac
|
||||||
cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
done
|
||||||
|
install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
|
||||||
touch $RPM_BUILD_ROOT/%{pubring}
|
|
||||||
touch $RPM_BUILD_ROOT/%{pubring}~
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(644,root,root)
|
%defattr(644,root,root)
|
||||||
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
|
%doc security_at_suse_de.asc suse_ptf_key.asc
|
||||||
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
|
%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
|
||||||
/usr/lib/rpm/gnupg/keys
|
%attr(755,root,root) %dir %{keydir}
|
||||||
%config /%{susering}
|
%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
|
||||||
%ghost /%{pubring}
|
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
|
||||||
%ghost /%{pubring}~
|
%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
|
||||||
|
|
||||||
%post
|
|
||||||
if [ ! -f %{pubring} ]; then
|
|
||||||
touch %{pubring}
|
|
||||||
fi
|
|
||||||
echo -n "importing SuSE build key to rpm keyring... "
|
|
||||||
TF=`mktemp /tmp/gpg.XXXXXX`
|
|
||||||
if [ -z "$TF" ]; then
|
|
||||||
echo "suse-build-key::post: cannot make temporary file. Fatal error."
|
|
||||||
exit 20
|
|
||||||
fi
|
|
||||||
if [ -z "$HOME" ]; then
|
|
||||||
HOME=/root
|
|
||||||
export HOME
|
|
||||||
fi
|
|
||||||
if [ ! -d "$HOME" ]; then
|
|
||||||
mkdir "$HOME"
|
|
||||||
fi
|
|
||||||
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
|
|
||||||
# no kidding... gpg won't initialize correctly without being called twice.
|
|
||||||
gpg < /dev/null > /dev/null 2>&1 || true
|
|
||||||
gpg < /dev/null > /dev/null 2>&1 || true
|
|
||||||
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
|
|
||||||
--keyring %{susering} --export -a > $TF
|
|
||||||
a="$?"
|
|
||||||
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
|
|
||||||
--keyring %{pubring} --import < $TF
|
|
||||||
b="$?"
|
|
||||||
rm -f "$TF"
|
|
||||||
if [ "$a" = 0 -a "$b" = 0 ]; then
|
|
||||||
echo "done."
|
|
||||||
else
|
|
||||||
echo "importing the key from the file %{susering}"
|
|
||||||
echo "returned an error. This should not happen. It may not be possible"
|
|
||||||
echo "to properly verify the authenticity of rpm packages from SuSE sources."
|
|
||||||
echo "The keyring containing the SuSE rpm package signing key can be found"
|
|
||||||
echo "in the root directory of the first CD (DVD) of your SuSE product."
|
|
||||||
exit -1
|
|
||||||
fi
|
|
||||||
### import suse package build key to roots gpg keyring
|
|
||||||
if test -f root/.gnupg/pubring.gpg ; then
|
|
||||||
chroot . usr/bin/gpg --export --armor --no-default-keyring \
|
|
||||||
--keyring %{susering} build@suse.de \
|
|
||||||
| chroot . usr/bin/gpg --import || true
|
|
||||||
if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
|
|
||||||
echo "gpg import for build@suse.de failed, please import manually" >&2
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
cp %{susering} root/.gnupg/pubring.gpg
|
|
||||||
fi
|
|
||||||
chmod 600 root/.gnupg/pubring.gpg
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
|||||||
26
suse_ptf_key.asc
Normal file
26
suse_ptf_key.asc
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
6C74CE73B37B98A9 SUSE PTF Signing Key <support@suse.com>
|
||||||
|
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||||
|
|
||||||
|
mQGiBEKCDxcRBAC8XEA/xoFsF6c9QHU0aA3JBCQC3Jhpdv1+YzZOHDaSUziQ2ZL8
|
||||||
|
12pt5oMg7qE0i5j0+zwL/0TUi4W8tar86a9gxRHzWgSkTiz4H2MvXSy5Qrnu1+Ho
|
||||||
|
MCAWMEL4s2JftKVu0XFRuT4nNHVi80JZxRzmF2EBLvtz7jrRHT/N/5A4FwCg+PE1
|
||||||
|
wR2NC89ux+VfxoR8UzQu4wUD/2ZBslJyLYE6rpUFYHceSK3gOlPSIlCn3OYlVDY3
|
||||||
|
AgYsqYH5gEOHxQeqigukk+tffyHIr5wdzTgTrPeL7v+TpgVHuRRuw7Dl9oi1PyoW
|
||||||
|
/PzNPjNSlXQCLUocY/ctCjre+WxjiewDPqmYVYS8Ie2DZMTFJ4w27mazfTJYgcPl
|
||||||
|
mmwqA/oDFSaXdRl0csqWi6XvjbUJKSVlDc8IuulB1IRLNk94+xKoDtC2xxp8zEVB
|
||||||
|
xBqmbT6pM1k3+KVzGL7oSHl4uMqzOkbRfKgKL/6ahJnLAGJPfPdFeIyGmvWDG915
|
||||||
|
TE8oMesJq/MSaohxdJ6dywkhjd19Cbdts02scIfSu5yzMXHCm7QnU1VTRSBQVEYg
|
||||||
|
U2lnbmluZyBLZXkgPHN1cHBvcnRAc3VzZS5jb20+iGIEExECACICGwMECwcDAgMV
|
||||||
|
AgMDFgIBAh4BAheABQJL4BoaBQkQ4tkDAAoJEGx0znOze5ipiDoAn0YH3g6kFZfO
|
||||||
|
BcxASwMft1iuWVT5AKCQFQ1deyNwXvo+eCH/dGpt5nj1d7kBDQRCgg8ZEAQAkwPg
|
||||||
|
vF3r+7NNqgJyiW4w5yGXgu5H4Kmd9wXAT6sUOPU+4GRJJep0dUxHgdis2BboBDlO
|
||||||
|
YVWE061pua8Ut6mA5Rx0/KOCeTL3SJtXMcknop/4fSLfnPN0/bsbALAN7RtmEJnV
|
||||||
|
QXba7C/jY04J2p0wtWfF9Zh2/O0EaPmiVjkakHMAAwUD/0T/fMgYwD1ROk1aB7KW
|
||||||
|
0bcro2hYfXCPTZtpZI6qfRbwKr8SQ6wSSWRi+p1hrtY6SBSNqw3mW4K42bPewanI
|
||||||
|
KdGc9mDt2ecQK5TAScL6VKwPvR0LK5GXJsYZjm1/uf4dWAfoy5T8jqObjL+uavtd
|
||||||
|
RKcJVbquhZwMeAeOqiPaCFMliEwEGBECAAwFAkvgGiYFCRDi2Q0ACgkQbHTOc7N7
|
||||||
|
mKndUgCfUmb1pAbgOJ3axZbe9HSwAb/BxlEAoKriKwSDH8XsRPQSp493OfB5UDpP
|
||||||
|
=GBuj
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
Loading…
Reference in New Issue
Block a user