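#
# spec file for package suse-build-key
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# Purpose: ship the SuSE package-signing public key and, at install time,
# import it into the keyring rpm uses for signature verification and into
# root's own gpg keyring.
#
# NOTE(review): nothing in this file checks the fingerprint of the key being
# imported. Trust in the key therefore rests entirely on how this package
# itself was authenticated before installation.

Name:           suse-build-key
BuildRequires:  gpg
Provides:       build-key
Requires:       gpg
AutoReqProv:    off
Summary:        The public gpg key for rpm package signature verification
License:        GPL-2.0+
Group:          System/Packages
Version:        1.0
Release:        0
Source0:        suse-build-key.gpg
Source1:        dumpsigs
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch
# Both keyring paths are deliberately written without a leading slash; the
# file list prepends one, the post-install scriptlet uses them as given.
%define pubring  usr/lib/rpm/gnupg/pubring.gpg
%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
# The install section references keydir, which was not defined anywhere in
# this file, so the macro stayed unexpanded and a stray directory was created
# next to the build root. The value matches the keys directory in the file list.
%define keydir   /usr/lib/rpm/gnupg/keys
PreReq:         sh-utils gpg fileutils mktemp

%description
This package contains the gpg key that is used to sign official SuSE rpm
packages. It will be installed as a keyring in
/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their own
keys to verify against should use the following commandline command to
add the key to the keyring as used by RPM:

gpg --no-options --no-default-keyring \
    --keyring /usr/lib/rpm/gnupg/pubring.gpg --import

%prep
# No source tarball is listed (Source0 is the keyring, Source1 a script), so
# there is nothing to unpack. The rm below is presumably a placeholder that
# keeps this section non-empty.
rm -f foobarnosuchfileordirectory
#%%setup

%build

%install
rm -rf "$RPM_BUILD_ROOT"
mkdir -p "$RPM_BUILD_ROOT/usr/lib/rpm/gnupg"
install %{SOURCE0} "$RPM_BUILD_ROOT/%{susering}"
install -m 755 %{SOURCE1} "$RPM_BUILD_ROOT/usr/lib/rpm/gnupg"
install -d "$RPM_BUILD_ROOT%{keydir}"
mkdir keys
# Run dumpsigs on the packaged keyring from inside keys/; presumably it
# writes its output into the current directory (script not shown here).
# The subshell keeps the working directory unchanged if the cd fails.
(
  cd keys &&
    "$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs" "$RPM_BUILD_ROOT/%{susering}"
)
cp -a keys "$RPM_BUILD_ROOT/usr/lib/rpm/gnupg"
# Empty placeholders so the ghost entries in the file list can be packaged.
touch "$RPM_BUILD_ROOT/%{pubring}"
touch "$RPM_BUILD_ROOT/%{pubring}~"

%files
# NOTE(review): the default attributes give no separate directory mode;
# confirm which mode the keys directory ends up with after installation.
%defattr(644,root,root)
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
/usr/lib/rpm/gnupg/keys
%config /%{susering}
%ghost /%{pubring}
%ghost /%{pubring}~

%post
# NOTE(review): every keyring path below is relative, so this scriptlet
# relies on running with the installed system's root as its working
# directory -- confirm for the rpm version in use.
if [ ! -f %{pubring} ]; then
  touch %{pubring}
fi
echo -n "importing SuSE build key to rpm keyring... "
TF=$(mktemp /tmp/gpg.XXXXXX)
if [ -z "$TF" ]; then
  echo "suse-build-key::post: cannot make temporary file. Fatal error."
  exit 20
fi
if [ -z "$HOME" ]; then
  HOME=/root
  # Without the export, a HOME that was unset in the environment would stay
  # a shell-local variable and gpg would never see it.
  export HOME
fi
if [ ! -d "$HOME" ]; then
  mkdir -p "$HOME"
fi
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true
# Export the packaged key as ASCII armor, then import it into the keyring
# rpm verifies against. --no-permission-warning silences gpg's complaints
# about unsafe file or directory permissions, so it will not flag a keyring
# that other users can write to.
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
  --keyring %{susering} --export -a > "$TF"
a="$?"
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
  --keyring %{pubring} --import < "$TF"
b="$?"
rm -f "$TF"
if [ "$a" = 0 ] && [ "$b" = 0 ]; then
  echo "done."
else
  echo "importing the key from the file %{susering}"
  echo "returned an error. This should not happen. It may not be possible"
  echo "to properly verify the authenticity of rpm packages from SuSE sources."
  echo "The keyring containing the SuSE rpm package signing key can be found"
  echo "in the root directory of the first CD (DVD) of your SuSE product."
  # A negative exit status is not portable across shells; any non-zero
  # status marks the scriptlet as failed.
  exit 1
fi

### import suse package build key to roots gpg keyring
if test -f root/.gnupg/pubring.gpg; then
  # Best effort: a failed import is reported below, not treated as fatal.
  chroot . usr/bin/gpg --export --armor --no-default-keyring \
    --keyring %{susering} build@suse.de \
    | chroot . usr/bin/gpg --import || true
  if ! chroot . usr/bin/gpg --list-keys build@suse.de > /dev/null 2>&1; then
    echo "gpg import for build@suse.de failed, please import manually" >&2
  fi
else
  # The copy used to fail when root/.gnupg did not exist yet; create it
  # with owner-only access before seeding root's keyring.
  if [ ! -d root/.gnupg ]; then
    mkdir -p -m 700 root/.gnupg
  fi
  cp %{susering} root/.gnupg/pubring.gpg
fi
chmod 600 root/.gnupg/pubring.gpg

%changelog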