forked from pool/suse-build-key
9bbc384603
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/suse-build-key?expand=0&rev=25
#
|
|
# spec file for package suse-build-key (Version 1.0)
|
|
#
|
|
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
# norootforbuild
|
|
|
|
|
|
# Package identity and declared dependencies.
Name: suse-build-key
BuildRequires: gpg
License: GPL-2.0+
Group: System/Packages
Provides: build-key
Requires: gpg
# Automatic dependency generation is switched off, so the Requires and
# PreReq lines in this file are the only dependencies the package declares.
AutoReqProv: off
Summary: The public gpg key for rpm package signature verification
Version: 1.0
Release: 909
# Source0 is the keyring file that the install section copies to the
# susering path defined below; Source1 is the dumpsigs helper installed
# into the same directory.
Source0: suse-build-key.gpg
Source1: dumpsigs
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
# Both paths are written without a leading slash. The install and files
# sections prefix them with the build root or "/", while the post scriptlet
# uses them as they are, i.e. relative to its working directory
# (presumably the root of the target system -- confirm).
%define pubring usr/lib/rpm/gnupg/pubring.gpg
%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
# The post scriptlet calls gpg, mktemp and basic file utilities, so these
# packages have to be present before it runs.
PreReq: sh-utils gpg fileutils mktemp
|
|
|
|
%description
|
|
This package contains the gpg key that is used to sign official SuSE
|
|
rpm packages. It will be installed as a keyring in
|
|
/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their
|
|
own keys to verify against should use the following commandline command
|
|
to add the key to the keyring as used by RPM:
|
|
|
|
gpg --no-options --no-default-keyring \
    --keyring /usr/lib/rpm/gnupg/pubring.gpg --import
|
|
|
|
|
|
|
|
%prep
# The two sources are a keyring file and a script, not an archive, so there
# is nothing to unpack and the setup step below stays commented out. The rm
# on a name that is not expected to exist appears to be a placeholder
# command for this otherwise empty section.
rm -f foobarnosuchfileordirectory
#%setup
|
|
|
|
%build
|
|
|
|
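%install
# Stage the package contents under the build root: the SUSE keyring, the
# dumpsigs helper, and empty placeholders for the rpm keyring and its "~"
# companion (both are ghost entries in the file list; the keyring itself is
# populated by the post scriptlet at install time).
#
# The ":?" expansion aborts the build instead of running rm -rf on an empty
# path if RPM_BUILD_ROOT is ever unset.
rm -rf "${RPM_BUILD_ROOT:?}"
mkdir -p "$RPM_BUILD_ROOT/usr/lib/rpm/gnupg"
# A keyring is data, so stage it non-executable rather than with install's
# default mode. The packaged mode is 644 either way because of the defattr
# line in the file list.
install -m 644 %{SOURCE0} "$RPM_BUILD_ROOT/%{susering}"
install -m 755 %{SOURCE1} "$RPM_BUILD_ROOT/usr/lib/rpm/gnupg"
touch "$RPM_BUILD_ROOT/%{pubring}"
touch "$RPM_BUILD_ROOT/%{pubring}~"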
|
|
|
|
%files
# Default for every entry without its own attr: mode 644, owner root:root.
%defattr(644,root,root)
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
# The shipped SUSE keyring, marked as a configuration file.
%config /%{susering}
# The rpm keyring and its "~" companion are ghost entries: the package owns
# them but does not ship their contents. The post scriptlet creates the
# keyring if it is missing and imports the SUSE key into it.
%ghost /%{pubring}
%ghost /%{pubring}~
|
|
|
|
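%post
# Post-install: import the SUSE build key into the rpm keyring, then into
# root's personal gpg keyring.
#
# Every keyring path below is relative (no leading slash), so the scriptlet
# depends on its working directory being the root of the target system --
# presumably what rpm provides; confirm before running it by hand.
#
# Exit status: 20 if no temporary file could be created, 1 if the import
# into the rpm keyring failed, otherwise the status of the final chmod.

# Make sure the rpm keyring exists so gpg has a file to import into.
if [ ! -f %{pubring} ]; then
  touch %{pubring}
fi
echo -n "importing SuSE build key to rpm keyring... "

# mktemp creates the file itself under an unpredictable name, which avoids
# the races a fixed name in /tmp would allow. Treat a failing mktemp as
# "no file", whatever it printed.
TF=$(mktemp /tmp/gpg.XXXXXX) || TF=""
if [ -z "$TF" ]; then
  echo "suse-build-key::post: cannot make temporary file. Fatal error."
  exit 20
fi

# gpg keeps its state below HOME. Export the fallback: if HOME was unset in
# the caller's environment, a plain assignment would stay local to this
# shell and gpg would never see it.
if [ -z "$HOME" ]; then
  HOME=/root
  export HOME
fi
if [ ! -d "$HOME" ]; then
  mkdir "$HOME"
fi

# Throw-away gpg runs whose only purpose is to let gpg set up its home
# directory; their failures are ignored on purpose.
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true

# Export the packaged key material in ASCII armor, then import it into the
# rpm keyring. --no-default-keyring limits each call to the keyring named on
# its command line; --no-permission-warning silences gpg's warning about
# keyring file permissions. Both exit statuses are kept so that a failure
# of either step is reported below.
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
  --keyring %{susering} --export -a > "$TF"
a="$?"
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
  --keyring %{pubring} --import < "$TF"
b="$?"
rm -f "$TF"

if [ "$a" = 0 ] && [ "$b" = 0 ]; then
  echo "done."
else
  echo "importing the key from the file %{susering}"
  echo "returned an error. This should not happen. It may not be possible"
  echo "to properly verify the authenticity of rpm packages from SuSE sources."
  echo "The keyring containing the SuSE rpm package signing key can be found"
  echo "in the root directory of the first CD (DVD) of your SuSE product."
  # A plain positive status: "exit -1" is not a valid exit status in POSIX
  # sh and is rejected by some shells.
  exit 1
fi

### import suse package build key to roots gpg keyring
if test -f root/.gnupg/pubring.gpg ; then
  # Best effort: a failed pipeline is tolerated here; the list-keys check
  # that follows detects it and only prints a warning.
  chroot . usr/bin/gpg --export --armor --no-default-keyring \
    --keyring %{susering} build@suse.de \
    | chroot . usr/bin/gpg --import || true
  # NOTE(review): this check matches on the user ID only, so it confirms
  # that some key carrying this address is in root's keyring, not that it
  # is the key shipped in this package. Comparing fingerprints would be a
  # stricter check.
  if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
    echo "gpg import for build@suse.de failed, please import manually" >&2
  fi
else
  # root has no keyring yet: seed it with a copy of the packaged keyring.
  # Create the directory first, private to root; without it the cp and the
  # chmod below fail and the scriptlet exits non-zero.
  if [ ! -d root/.gnupg ]; then
    mkdir -p -m 700 root/.gnupg
  fi
  cp %{susering} root/.gnupg/pubring.gpg
fi
chmod 600 root/.gnupg/pubring.gpg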
|
|
|
|
%changelog
|