Hello, On 9/25/18 10:53 PM, Bjoern Voigt wrote:
The macro %gpg_verify is unavailable (tested with Tumbleweed). What is currently the right way to verify GPG signatures of sources?
The functionality of this macro was completely replaced by the verify_source source service which runs automatically during check-in and build. If the package contains a %name.keyring, that keyring will be used to very any .asc/.sign file against matching .tar/.tar.gz etc. without further need to add anything in the spec file.
What is a good example package for GPG verification?
grep. Andreas -- Andreas Stieger <astieger@suse.com> Head of Product Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org