On Mon, Dec 03, 2012 at 08:33:25PM +0100, Stanislav Brabec wrote:
Stanislav Brabec wrote:
I just implemented signature verification for all packages, that already contained signature and/or trusted keyring. But I did not verify, that signature submitted by packagers is the signature of the real author.
Just a hint for people, who got one of these request:
If you want to build package for older SUSE versions and don't want to link or aggregate gpg-offline to your devel projects nor use ugly prjconf trick, feel free to add %if statements to your spec file.
Example:
Source2. %{name}.keyring +%if 0%{?suse_version} > 1220 BuildRequires: gpg-offline +%endif
If we accept the verification is applied for Factory packages only, maybe coolo can call it from factory-auto scripts? Then we don't need to pollute BuildRequires and %prep - the downside is it won't work on devel projects, or in plain rpm as your approach. CCying coolo: what do you thing? Regards Michal Vyskocil
...
%prep +%if 0%{?suse_version} > 1220 %gpg_verify %{S:1} +%endif %setup -q
-- Best Regards / S pozdravem,
Stanislav Brabec software developer --------------------------------------------------------------------- SUSE LINUX, s. r. o. e-mail: sbrabec@suse.cz Lihovarská 1060/12 tel: +49 911 7405384547 190 00 Praha 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org