From 3115fa256f2eeffaa224f371b445bf7e1d015ebd Mon Sep 17 00:00:00 2001
From: David King
Date: Fri, 19 Feb 2021 12:34:31 +0000
Subject: [PATCH] Verify GPG signature of sources
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification`
---
 .gitignore | 1 +
 autoconf-archive.spec | 11 +++++++++--
 ...y-1A4F63A13A4649B632F65EE141BC28FE99089D72.gpg | Bin 0 -> 972 bytes
 sources | 1 +
 4 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 gpgkey-1A4F63A13A4649B632F65EE141BC28FE99089D72.gpg
diff --git a/.gitignore b/.gitignore
index 688b1c6..055107b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,4 @@
 /autoconf-archive-2018.03.13.tar.xz
 /autoconf-archive-2019.01.06.tar.xz
 /autoconf-archive-2021.02.19.tar.xz
+/autoconf-archive-2021.02.19.tar.xz.sig
diff --git a/autoconf-archive.spec b/autoconf-archive.spec
index e8c177e..5576dc8 100644
--- a/autoconf-archive.spec
+++ b/autoconf-archive.spec
@@ -5,7 +5,12 @@ Summary: The Autoconf Macro Archive
 License: GPLv3+ with exceptions
 URL: https://www.gnu.org/software/autoconf-archive/
 Source0: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz
+Source1: https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz.sig
+# gpg --keyserver pool.sks-keyservers.net --recv-keys 1A4F63A13A4649B632F65EE141BC28FE99089D72
+# gpg --export --export-options export-minimal 1A4F63A13A4649B632F65EE141BC28FE99089D72 > gpgkey-1A4F63A13A4649B632F65EE141BC28FE99089D72.gpg
+Source2: gpgkey-1A4F63A13A4649B632F65EE141BC28FE99089D72.gpg
 BuildArch: noarch
+BuildRequires: gnupg2
 BuildRequires: make
 Requires: autoconf
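Review bot: The two comment lines above `Source2` record how the keyring file was produced, but not how the fingerprint was confirmed to be upstream's release-signing key. The whole check rests on that step, because the committed keyring becomes the trust anchor for every later build. The key is fetched from `pool.sks-keyservers.net`, which accepts uploads from anyone, so receiving a key from it proves nothing about who owns it. As far as I know that pool has since been retired, so the recorded command may no longer reproduce the file. I would add a line such as `# Fingerprint confirmed against <authenticated upstream source - fill in>` above `Source2`, and name a retrieval source that still works.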
@@ -15,14 +20,15 @@ GNU Autoconf that have been contributed as free software by friendly supporters of the cause from all over the Internet. %prep -%setup -q +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%autosetup -p1 %build %configure %make_build %install -%make_install INSTALL="install -p" +%make_install # remove dir file which will be generated by /sbin/install-info rm -frv %{buildroot}%{_infodir}/dir # document files are installed another location @@ -37,6 +43,7 @@ rm -frv %{buildroot}%{_datadir}/doc/%{name} %changelog * Fri Feb 19 2021 David King - 2021.02.19-1 - Update to 2021.02.19 (#1930679) +- Verify GPG signature of sources * Tue Jan 26 2021 Fedora Release Engineering - 2019.01.06-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
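Review bot: The new `%{gpgverify}` line in `%prep` has no comment saying it must run before the source is unpacked. A later edit that puts a step ahead of it would leave the build handling an unverified tarball. I would add `# Verify the upstream signature before anything is unpacked; keep this the first command in %prep.` directly above it. The same hunk also swaps `%setup -q` for `%autosetup -p1` and drops `INSTALL="install -p"` from `%make_install`. Neither change relates to signature verification or appears in the changelog entry, so they would be easier to audit in a separate commit or with a mention in the description. The `%install` section continues past the end of this hunk.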
diff --git a/gpgkey-1A4F63A13A4649B632F65EE141BC28FE99089D72.gpg b/gpgkey-1A4F63A13A4649B632F65EE141BC28FE99089D72.gpg new file mode 100644 index 0000000000000000000000000000000000000000..4844277c36d26d646afd534f42f2af090677dc5a GIT binary patch literal 972 zcmV;-12g=Y0Sg2_-;dk@2msKPp8P|o3e!3!=N34@!AMa?W4!IiPBkt3!Ih&EH@@Lz z$C@;qSy>;+dhc&2b;kN%&Ffe`zkOBuL)>a%0-WnL&^1!5KPrOWPU%e?Ben9#oJ8a? z^y~N@xM=`S4-QfkparxS(Xod(6JsJK9_FDpVM?K@MpU-wmyklyxnrOB|cr{3=6k)(bw}3nWprh7AX8~=Z*FrSJacJnZ*FryV{&<^9(>SYKoxMSS~6JUqo1E z-g5K)o=}jEM#*NOoou(YlA^Em&(sLZoPXNMJprOZ&f_Xt-p^tT&Sd8?PpS_7aFaF= zgtcF+XDb18za>}o1b{%H25b6WzQ!@HBg(THF09{ii~zCvlnz;J1wjDT0*5LZ8fb$= zZqq@z`J(P8_6*(+Rzq%yECbzG+Z@dUiE&;Gyzt9M=c0npSbyefouS-dm-J~2PY|B< z*LJf17aR@!&+7`CistB5FrHw&x%$JN*WQw^GSF8){t*Hq27frSy`SJ`Xpv^72>htl zdPKA(P-S#wav)P_ZEtRKAShE+Q$;BtJaBVqZEtRKKy!6-WiDi8K8XQ01QP)W03ihe zR=AvQ0viJb3ke7Z0tOWb2?`4W1Qr4V0RkQY0vCV)3JDNFyeR&e2%U0^><9inKxdu~ zQ7OTUn(va{M~4&a;itoU8Q-*yn*NRTZsT4T}p`v0c#Z?Qujbr6(@jgUk{{ z0s$QaAd-HiTn=j3It2S0pzKV)Df|1^mLp9gllJ4*LCTxzyh@mgdZCUv*hlRF<=63y z2wcwXCJzdJN5)I`;9aA$i8FD{VD^S1wEJAs2x%<1poMj;!hcJGLYR`dIlQu@Ui(T0 zm24|wFQ uMQsDeWEa=YE4#o;z$XkX?zfh3VW=XJ^AxV_nPHAmM3_4oms|q_Hco++x3MSy literal 0 HcmV?d00001 diff --git a/sources b/sources index 25405b5..5d03e92 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (autoconf-archive-2021.02.19.tar.xz) = a968c355c3cf66d74dc5b452141afbdf763e84a6c43b12c25da9a08482910d6d57ba3952aaf270d8cd5fd8b9d2dadf2d7d943ae2e1b067d68b71d2738d881aa0 +SHA512 (autoconf-archive-2021.02.19.tar.xz.sig) = f377e9b7c5099ce79ab6d7fe22610cd8869d8586089c9c6990984ef971a3bc31d8f4e0956e55e95c812981215c434536b54de5a13e3b449897aad87c1cfb663f