Hello community, here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2017-08-24 18:56:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old) and /work/SRC/openSUSE:Factory/.suse-build-key.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "suse-build-key" Thu Aug 24 18:56:44 2017 rev:35 rq:518538 version:12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2014-09-03 21:11:58.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.suse-build-key.new/suse-build-key.changes 2017-08-24 18:56:58.090817597 +0200 @@ -1,0 +2,21 @@ +Wed Dec 7 16:35:05 UTC 2016 - meissner@suse.com + +- extend the build@suse.de product key. (bsc#1014151) + + pub 2048R/39DB7C82 2013-01-31 [expires: 2020-12-06] + uid SuSE Package Signing Key <build@suse.de> + +------------------------------------------------------------------- +Tue Nov 29 12:54:46 CET 2016 - ro@suse.de + +- use dumpsigs script from openSUSE to merge code + +------------------------------------------------------------------- +Thu Oct 2 12:45:05 UTC 2014 - meissner@suse.com + +- renamed security_at_suse_de.asc to security_at_suse_de_old.asc +- security_at_suse_de.asc: new 4096 bit RSA key. + pub 4096R/317CD502 2014-10-02 SUSE Security Team <security@suse.de> + bnc#899509 + +------------------------------------------------------------------- @@ -6,0 +28,18 @@ + +------------------------------------------------------------------- +Mon Feb 10 09:57:50 UTC 2014 - meissner@suse.com + +- create suse-build-key.gpg during build. +- Remove old keys from keyring. (fate#314767) + Keys currently inside the RPM trusted keyring: + - pub 2048R/39DB7C82 SuSE Package Signing Key <build@suse.de> + - pub 2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de> +- Various keys are moved to the documentation area + (/usr/share/doc/packages/suse-build-key) + - build-at-suse-sle11.asc: the old SUSE Linux Enterprise 11 key. + if SUSE Linux Enterprise 11 packages need to be verified on + a SUSE Linux Enterprise 12 system. + - suse_ptf_key.asc: The suse ptf key. For verification of provided PTFs. + - security_at_suse_de.asc: Use only for email encryption and + verification purposes when contacting our security contact address + security@suse.de Old: ---- gpg-pubkey-39db7c82-510a966b.asc New: ---- gpg-pubkey-39db7c82-5847eb1f.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ suse-build-key.spec ++++++ --- /var/tmp/diff_new_pack.rw5Jst/_old 2017-08-24 18:56:58.814715667 +0200 +++ /var/tmp/diff_new_pack.rw5Jst/_new 2017-08-24 18:56:58.814715667 +0200 @@ -1,7 +1,7 @@ # # spec file for package suse-build-key # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,9 +26,11 @@ Group: System/Packages Version: 12.0 Release: 0 + # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de> # The main package signing key. -Source0: gpg-pubkey-39db7c82-510a966b.asc +Source0: gpg-pubkey-39db7c82-5847eb1f.asc + # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de> # Fallback key if main key gets lost. Source1: gpg-pubkey-50a3dd1c-50f35137.asc @@ -36,17 +38,19 @@ # pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de> # SLES 10 key. Source2: gpg-pubkey-307e3d54-4be01a65.asc + # pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com> # SUSE supplied PTF (program temporary fixes) are signed by this key. # supplied to be not imported by default Source98: suse_ptf_key.asc -# pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> -# security@suse.de communication key. -# Only used for E-Mail encryption and signing to/from security@suse.de. +# pub 4096R/317CD502 2014-10-02 SUSE Security Team <security@suse.de> +# sub 4096R/0DE80E03 2014-10-02 +# Only used for email communication Source99: security_at_suse_de.asc Source100: dumpsigs + BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %define keydir %{_prefix}/lib/rpm/gnupg/keys @@ -85,7 +89,7 @@ %attr(755,root,root) %dir %{keydir} %attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs %{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc -%{keydir}/gpg-pubkey-39db7c82-510a966b.asc +%{keydir}/gpg-pubkey-39db7c82-5847eb1f.asc %{keydir}/gpg-pubkey-307e3d54-4be01a65.asc %changelog ++++++ dumpsigs ++++++ --- /var/tmp/diff_new_pack.rw5Jst/_old 2017-08-24 18:56:58.870707782 +0200 +++ /var/tmp/diff_new_pack.rw5Jst/_new 2017-08-24 18:56:58.870707782 +0200 @@ -1,21 +1,50 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w +# dump all keys contained in the keyring specified as argument -my $keyring=''; +use strict; -$keyring="--no-default-keyring --keyring=$ARGV[0]" if $ARGV[0] ne ''; +my @keyring; + +die "must specify keyring\n" unless @ARGV; + +my $file = shift @ARGV; +unless ($file =~ /^\//) { + use Cwd qw/abs_path/; + $file = abs_path($file); +} + +# XXX: workaround for colons in obs project names o_O +if ($file =~ /:/) { + use File::Temp qw/tempdir/; + my $tmpdir = tempdir( CLEANUP => 1); + my $nn = $file; + $nn =~ s/.*\///; + $nn = $tmpdir.'/'.$nn; + symlink($file, $nn) or die "failed to symlink: $!\n"; + $file = $nn; +} + +@keyring = ('--no-default-keyring', '--keyring='.$file); my @line; my $ver; my $rel; my $name; +my %names; + +my @cmd = qw/--no-secmem-warning --no-options --list-sigs --list-options show-keyring --fixed-list-mode --with-colons/; +unshift @cmd, @keyring; +unshift @cmd, 'gpg'; +#print join(' ', @cmd), "\n"; -open(GPG, "gpg $keyring --no-secmem-warning --list-sigs --list-options show-keyring --fixed-list-mode --with-colons |"); +open(GPG, '-|', @cmd); while (<GPG>) { chomp; next unless /^pub:/; @line = split(':', $_); my $id = $line[4]; $_ = <GPG>; + $_ = <GPG> if /^fpr:/; chomp; next unless /^uid:/; @line = split(':', $_); @@ -23,7 +52,7 @@ while (1) { $_ = <GPG>; chomp; - die unless /^sig:/; + next unless /^sig:/; @line = split(':', $_); next if $line[4] ne $id; $ver = lc($id); @@ -31,12 +60,33 @@ $rel = sprintf("%08x", $line[5]); last; } - $names{"gpg-pubkey-$ver-$rel"} = $id; + $names{"gpg-pubkey-$ver-$rel"} = [ $id, $name ]; } close GPG; my $n; for $n (sort keys %names) { - print "writing $n.asc\n"; - system("gpg $keyring --no-secmem-warning --export -a '$names{$n}' >$n.asc"); + @cmd = qw/--no-options --no-secmem-warning --export-options export-minimal --export -a/; + push @cmd, $names{$n}[0]; + unshift @cmd, @keyring; + unshift @cmd, 'gpg'; + my $fn = $n.".asc"; + unless (open(O, '>', $fn)) { + warn "failed to open $fn: $!"; + next; + } + printf O "%s %s\n\n", $names{$n}[0], $names{$n}[1]; + print "writing $fn\n"; + #print join(' ', @cmd), "\n"; + unless (open(GPG, '-|', @cmd)) { + warn "failed to exec gpg: $!"; + close O; + unlink $fn; + next; + } + while(<GPG>) { + print O; + } + close GPG; + close O; } ++++++ security_at_suse_de.asc ++++++ --- /var/tmp/diff_new_pack.rw5Jst/_old 2017-08-24 18:56:58.954695956 +0200 +++ /var/tmp/diff_new_pack.rw5Jst/_new 2017-08-24 18:56:58.958695393 +0200 @@ -1,5 +1,3 @@ -77B2E6003D25D3D9 SuSE Security Team <security@suse.de> - The block below contains the public key of the SUSE Security team. It's used to sign security advisories and other imporant announcents concerning the distribution. To be able to verify @@ -7,22 +5,55 @@ keyring using the following command: gpg --import security_at_suse_de.asc - -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.16 (GNU/Linux) +Version: GnuPG v2 -mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA -BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz -JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh -1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U -P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ -cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg -VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S0Ed7LmAD0l09kBAW04B/4p -WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL -hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG -BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ -AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi -RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 -zinsSx2OrWgvSiLEXXYK -=m7kg +mQINBFQtF/8BEAC682QMnBjVnGNGo8PcdoGgqQcfdtaBMFhpIfFp0dTdcW7vMwJV +PDV1TzOvtAlMSsUo6I+sIYG0PAnc51xh/xOAXzKrz0Qd0MEGVsT98yHB6W3XGRuX +f88FycgIzH03En92yZdBUTV1g3nBM3FFuwjT78quRCzpIMdHtEg4VFFam90TbrLU +F5ApHNqQf3yqbb6ddG5pdwB1pMoG7Zz4XaK/v0D20U8OxjrWTsbDRgWarIWwoGD4 +VhYqC891fHeoVKmYRYsrTJXqdCoArp/eofGHG/zhVA+MEHsNvPBhW+YxxpNO7MI1 +VjwIKFfO9jl3H3m4yOJ3BOaSpxCDb3LwKdSGCYvrCmGhsJpOyG33t/nwzhsN3R3D +OBg3YQQ17rZqcF9H89UauFaRDS1VxD/3GSCpmCAt39NW2EHaTOllcxwGkd61spoB +Q+g10kmiUa1DxWiN0lQnFDdpu8E8SaOnaRKjQy9KDFLxc9GCZXzOceP8wUjWBeKi +yAVesw562vRS+anpqbxeF1qzYJ78OVzjfFbdkxRecy4HbyaMt31YIPflSeEHrUa3 +Zrl8cXmJvcNZRbGeva++gCmzjYPpFSs9bAVWuFqY0UT3PbLYruYhyYyGv1x5Kwvb +TYWqLsQmHQxGp61zI97YbAz/XzLeAFrvzW2BnsEeLNXJG0lBShjalHLzqwARAQAB +tCVTVVNFIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QHN1c2UuZGU+iQI5BBMBAgAj +BQJULRf/AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQWPxYsTF81QL5 +WA//cU8pptQ5ZwfI4edi2faNgU4qBF1mJQcchXVyQFcbdHpwNsHkqYFqVK98LwBJ +3sQUUVwUFdt7uauLtPMYONDeroy95DXhwvjsD891adOzehhAn3DTFUYYTPgs/x1b +UoXe5LShjinGi95HRjs5LpKyHn67pr91zbMDA0dhHku9mkD2kg8erTjtLlutCgRd +l25/AUsWi5qG2IZ1GK/GmmpnerD5R5jVc+MLJPW37pSUfS/BdmbK4XmZylpHF53a +hsUlG6wQM7H1OTyCYWA71jJ5ydeBSlrW6Jt4skM0Lipcr2rmLz/CVI/R0CTADyeI +41mOSmKOXQnlM0A3BGhLPb4JZFSOu9r+LvRq8u9sMICFqL7OEhjSHQqQ3Oe4sQWG +vJY1IcP3UW1byG/8MhBTp/16Wxd0Nv44JE4WS2VFVopaso7jmrnv/0JS7b4WwgE8 +OLi3Et4OpeXZEOY9LAYOQc1fdl+leh5qk7TkgNwAn69wdZYXXB3rS1Q6VxMFLyin +xaepwIlx0jsoG608dT03kv9EUx/hwvZrwnDyeoPtB1+HRXw1o6p/zU8B3r5fqes8 +Ah28Q1sD9c0ojH1gWcodQrhfkqLubgRJHUTTzO4KBwtTqBstcIR1kamOyA4oDbwK +tT0KsnU9DtJgqGkw0/nlOOgVXvsKWFXgZj4BcHct+tIO4ce5Ag0EVC0X/wEQAMjU +PGzcmaH8TZ3JExvUiK8zXW5pwnYVyxyMkdn8lWMmPdLI7ljj2OIqzXoYuT4nNmRZ ++zq4ucpd8DwAwim/cfi3bs/xqMNKkC1AybZW/KiEDTHll9Gc0cSa4DBQjdKjm839 +86kz0nzXxWXvBCqEyVVI1YoDAHTcAvMHkOZKc33kv6PS73Gymm78Em1ychx2u6UF +cQ248QFWXOPXsRaLVmNicuD/rEPcaKr8FomYYtqiGr88sv06FF0EdIa1aXqPVQU1 +IxqH3pAn6oQ2aZUe5jzydhMzhiYGfZtO+ePxE7mi2Vr/m3iurVfhusqc69Cxfd4Z +fCReSAQFbJ7Vf58c+rRbIp3NkZaID8Fo9jINC9ogNPDxVLbCSmxTnDpR9IdGi9oZ +VwgcWdQ9rbspOClntbE6GonA++OTEkMOTOFEgGfd7CEuEAAxYc3uchhlSN+LfQja +B24UgGKHP5QEvjclBOKjDWMfsOwyqdDBkGb0rHCE3ohUnA6QQpz+zSmF0oXmGwAQ +Jj3YhT/4Z/VapIjlMu9ZaPoT8dGUaDCUeJa4Kbg2krzMolKDNoZeWL5uOJk64+XU +5JsYBofMrQt3Esv+YGyhD2krYcs/7jaj+BLaJu4+asvXe9pAQTdGCNMoO/qiPsJ6 +gZLnHUjuxMF2eNvFqrYHXCILFFRDYCSiW1RfhPVJABEBAAGJAh8EGAECAAkFAlQt +F/8CGwwACgkQWPxYsTF81QJVJBAAnuE49ccyVXA3uWquzleHx1ioyVPuYKeE1Lzw +ibzdnrOPEYVMyNJbr3AcRofH4++KE5AdV9CUYYsP7pbix5hUcG0UdtT10QxAks/Z +e2k7gTXS3Fgu8q5+q4diDhh1GtiUKX+lsyN4MA6HhzPzACIy7Iy2LlRLV1oqYEMs +UPF2yEA+04r/UJAhKLshE0evA6Kkkq4MXvPcPxbyhZx+1S6/++dS81I+6+EEGyzM ++8GFn50Op84ULS/eSjVusnha/HVz5mulatWw1yV8hdVyKVqDT/GPOcJ3+MnWHIva +7NU3RvySgie7ouxM3M5U1GO/bfL7wmAJvJ2mPhoGoSJ6ir5uhMV1CRvMxDVEqomm +ozxxDGJZ4O8dfpfs9vKIhqeEi9Pk4ZtFIHBEbHiRf1TCpeV13kh9eGpbnSCjTZvD +HcjR78kQM76XH1JPCH72AhPbePOrI/OmHvvrVyQRN24cXvAzK8L4a2c0FqbrivwX +7bFHjZcfsjujYQb1QCF9zomtDXQAkWhts0I+tQcegUfQrrUlGFAMuwO/Lts6KL7G +vyd7dmv07xkbnlwJih4CIKvbImi93fRFMu763QzDhiAQcUohTROoQjZKoJRsRTn8 +czy7l6bFqw5kBgGh0XxyWzdIDIZfyfmb2q6cdEeeajP8g92Hknarmy7UXX7a8eMa +WzjAfBA= +=zsa2 -----END PGP PUBLIC KEY BLOCK-----