On 9/25/18 10:53 PM, Bjoern Voigt wrote:
The macro %gpg_verify is unavailable (tested with
What is currently the right way to verify GPG signatures of sources?
The functionality of this macro was completely replaced by the
verify_source source service which runs automatically during check-in
and build. If the package contains a %name.keyring, that keyring will be
used to very any .asc/.sign file against matching .tar/.tar.gz etc.
without further need to add anything in the spec file.
What is a good example package for GPG verification?
Andreas Stieger <astieger(a)suse.com>
Head of Product Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org