1
0
suse-build-key/suse-build-key.spec

151 lines
4.8 KiB
RPMSpec

#
# spec file for package suse-build-key
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: suse-build-key
BuildRequires: gpg
Provides: build-key
Requires: gpg
AutoReqProv: off
Summary: The public gpg key for rpm package signature verification
License: GPL-2.0+
Group: System/Packages
Version: 12.0
Release: 0
Source0: suse-build-key.gpg
Source1: dumpsigs
# pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
# The main package signing key.
Source2: gpg-pubkey-39db7c82-510a966b.asc
# pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
# Fallback key if main key gets lost.
Source3: gpg-pubkey-50a3dd1c-50f35137.asc
# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
# SLE11 build@suse.de key, 1024 bit
Source4: gpg-pubkey-307e3d54-4be01a65.asc
# pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
# SUSE supplied PTF (program temporary fixes) are signed by this key.
# supplied to be not imported by default
Source98: suse_ptf_key.asc
# pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
# security@suse.de communication key.
# Only used for E-Mail encryption and signing to/from security@suse.de.
Source99: security_at_suse_de.asc
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%define keydir %{_prefix}/lib/rpm/gnupg/keys
%define pubring usr/lib/rpm/gnupg/pubring.gpg
%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
PreReq: sh-utils gpg fileutils mktemp
%description
This package contains the gpg keys that are used to sign the
SUSE rpm packages. The keys installed here are not actually
used by anything. rpm/zypper use the keys in the rpm db instead.
%prep
%setup -qcT
%build
cp %SOURCE98 .
cp %SOURCE99 .
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
mkdir keys
cd keys
$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
cd ..
cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
touch $RPM_BUILD_ROOT/%{pubring}
touch $RPM_BUILD_ROOT/%{pubring}~
%files
%defattr(644,root,root)
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
/usr/lib/rpm/gnupg/keys
%config /%{susering}
%ghost /%{pubring}
%ghost /%{pubring}~
%post
if [ ! -f %{pubring} ]; then
touch %{pubring}
fi
echo -n "importing SuSE build key to rpm keyring... "
TF=`mktemp /tmp/gpg.XXXXXX`
if [ -z "$TF" ]; then
echo "suse-build-key::post: cannot make temporary file. Fatal error."
exit 20
fi
if [ -z "$HOME" ]; then
HOME=/root
export HOME
fi
if [ ! -d "$HOME" ]; then
mkdir "$HOME"
fi
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
--keyring %{susering} --export -a > $TF
a="$?"
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
--keyring %{pubring} --import < $TF
b="$?"
rm -f "$TF"
if [ "$a" = 0 -a "$b" = 0 ]; then
echo "done."
else
echo "importing the key from the file %{susering}"
echo "returned an error. This should not happen. It may not be possible"
echo "to properly verify the authenticity of rpm packages from SuSE sources."
echo "The keyring containing the SuSE rpm package signing key can be found"
echo "in the root directory of the first CD (DVD) of your SuSE product."
exit -1
fi
### import suse package build key to roots gpg keyring
if test -f root/.gnupg/pubring.gpg ; then
chroot . usr/bin/gpg --export --armor --no-default-keyring \
--keyring %{susering} build@suse.de \
| chroot . usr/bin/gpg --import || true
if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
echo "gpg import for build@suse.de failed, please import manually" >&2
fi
else
cp %{susering} root/.gnupg/pubring.gpg
fi
chmod 600 root/.gnupg/pubring.gpg
%changelog