Hello community,
here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2014-01-14 13:55:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old)
and /work/SRC/openSUSE:Factory/.suse-build-key.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "suse-build-key"
Changes:
--------
--- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2014-01-10 07:16:28.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.suse-build-key.new/suse-build-key.changes 2014-01-14 13:55:20.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com
+
+- reverted to contain the fullkeyring build SLE12 Alpha.
+- also list the old sle11 build@suse.de key temporary
+
+-------------------------------------------------------------------
New:
----
gpg-pubkey-307e3d54-4be01a65.asc
suse-build-key.gpg
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ suse-build-key.spec ++++++
--- /var/tmp/diff_new_pack.PhtCl9/_old 2014-01-14 13:55:21.000000000 +0100
+++ /var/tmp/diff_new_pack.PhtCl9/_new 2014-01-14 13:55:21.000000000 +0100
@@ -26,12 +26,19 @@
Group: System/Packages
Version: 12.0
Release: 0
+Source0: suse-build-key.gpg
+Source1: dumpsigs
+
# pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key
# The main package signing key.
-Source0: gpg-pubkey-39db7c82-510a966b.asc
+Source2: gpg-pubkey-39db7c82-510a966b.asc
# pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key)
# Fallback key if main key gets lost.
-Source1: gpg-pubkey-50a3dd1c-50f35137.asc
+Source3: gpg-pubkey-50a3dd1c-50f35137.asc
+
+# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key
+# SLE11 build@suse.de key, 1024 bit
+Source4: gpg-pubkey-307e3d54-4be01a65.asc
# pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key
# SUSE supplied PTF (program temporary fixes) are signed by this key.
@@ -43,10 +50,13 @@
# Only used for E-Mail encryption and signing to/from security@suse.de.
Source99: security_at_suse_de.asc
-Source100: dumpsigs
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%define keydir %{_prefix}/lib/rpm/gnupg/keys
+
+%define pubring usr/lib/rpm/gnupg/pubring.gpg
+%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
+
PreReq: sh-utils gpg fileutils mktemp
%description
@@ -65,23 +75,76 @@
%install
rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT%{keydir}
-for i in %sources; do
- case "$i" in
- */gpg-pubkey-*.asc)
- install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
- ;;
- esac
-done
-install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
+install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+mkdir keys
+cd keys
+$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
+cd ..
+cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+
+touch $RPM_BUILD_ROOT/%{pubring}
+touch $RPM_BUILD_ROOT/%{pubring}~
%files
%defattr(644,root,root)
-%doc security_at_suse_de.asc suse_ptf_key.asc
-%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
-%attr(755,root,root) %dir %{keydir}
-%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
-%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
-%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
+%attr(755,root,root) %dir /usr/lib/rpm/gnupg
+%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
+/usr/lib/rpm/gnupg/keys
+%config /%{susering}
+%ghost /%{pubring}
+%ghost /%{pubring}~
+
+%post
+if [ ! -f %{pubring} ]; then
+ touch %{pubring}
+fi
+echo -n "importing SuSE build key to rpm keyring... "
+TF=`mktemp /tmp/gpg.XXXXXX`
+if [ -z "$TF" ]; then
+ echo "suse-build-key::post: cannot make temporary file. Fatal error."
+ exit 20
+fi
+if [ -z "$HOME" ]; then
+ HOME=/root
+ export HOME
+fi
+if [ ! -d "$HOME" ]; then
+ mkdir "$HOME"
+fi
+gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
+# no kidding... gpg won't initialize correctly without being called twice.
+gpg < /dev/null > /dev/null 2>&1 || true
+gpg < /dev/null > /dev/null 2>&1 || true
+gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
+ --keyring %{susering} --export -a > $TF
+a="$?"
+gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
+ --keyring %{pubring} --import < $TF
+b="$?"
+rm -f "$TF"
+if [ "$a" = 0 -a "$b" = 0 ]; then
+ echo "done."
+else
+ echo "importing the key from the file %{susering}"
+ echo "returned an error. This should not happen. It may not be possible"
+ echo "to properly verify the authenticity of rpm packages from SuSE sources."
+ echo "The keyring containing the SuSE rpm package signing key can be found"
+ echo "in the root directory of the first CD (DVD) of your SuSE product."
+ exit -1
+fi
+### import suse package build key to roots gpg keyring
+if test -f root/.gnupg/pubring.gpg ; then
+ chroot . usr/bin/gpg --export --armor --no-default-keyring \
+ --keyring %{susering} build@suse.de \
+ | chroot . usr/bin/gpg --import || true
+ if ! chroot . usr/bin/gpg --list-keys build@suse.de >/dev/null 2>&1 ; then
+ echo "gpg import for build@suse.de failed, please import manually" >&2
+ fi
+else
+ cp %{susering} root/.gnupg/pubring.gpg
+fi
+chmod 600 root/.gnupg/pubring.gpg
%changelog
++++++ gpg-pubkey-307e3d54-4be01a65.asc ++++++
E3A5C360307E3D54 SuSE Package Signing Key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)
mIsERCAdXQEEAL7MrBTz+3SBWpCm2ae2yaDqV3ezQcs2JlvqidJVhsZqQe9/jkxi
KTEQW5+TXF/+BlQSiebunRI7oo3+9U8GyRCgs1sf+yRQWMLzZqRaarzRhw9w+Ihl
edtqYl6/U2JZCb8Adp6d7RzlRliJdJ/VtsfXj2ef7Dwu7elOVSsmaBdtAAYptChT
dVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgPGJ1aWxkQHN1c2UuZGU+iLgEEwECACIC
GwMECwcDAgMVAgMDFgIBAh4BAheABQJL4BplBQkPRMsIAAoJEOOlw2Awfj1UhOsD
/RkkEhOIC9NNad0F5O0rEJxvsI7Nm+6FnNJq8LjyR5+87epQCXgpaBXEGd4RcjjO
TukLaHHrC1T/h4biIyf253VZHr4oJ46sUivNUFq60gl4gk56aTGTNeUWOsgrU4jm
auFca3dbGcNfiJ7c7dF2CkOAR+CPMLPYTvuVIRQBAjeS
=jKkp
-----END PGP PUBLIC KEY BLOCK-----
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org