Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/cairomm.git#57b849212d845c4915541582feb0cc3dfbcc0459
parent
3606414834
commit
804d0ae52d
|
@ -13,3 +13,4 @@ cairomm-1.9.1.tar.gz
|
||||||
/cairomm-1.14.2.tar.xz
|
/cairomm-1.14.2.tar.xz
|
||||||
/cairomm-1.14.2.tar.xz.sha1
|
/cairomm-1.14.2.tar.xz.sha1
|
||||||
/cairomm-1.14.2.tar.xz.sha1.asc
|
/cairomm-1.14.2.tar.xz.sha1.asc
|
||||||
|
/cairomm-1.14.2.tar.xz.asc
|
||||||
|
|
43
cairomm.spec
43
cairomm.spec
|
@ -9,22 +9,18 @@
|
||||||
Name: cairomm
|
Name: cairomm
|
||||||
Summary: C++ API for the cairo graphics library
|
Summary: C++ API for the cairo graphics library
|
||||||
Version: 1.14.2
|
Version: 1.14.2
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
|
|
||||||
URL: https://www.cairographics.org
|
URL: https://www.cairographics.org
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
|
|
||||||
%global src_base https://www.cairographics.org/releases
|
%global src_base https://www.cairographics.org/releases
|
||||||
Source0: %{src_base}/%{name}-%{version}.tar.xz
|
Source0: %{src_base}/%{name}-%{version}.tar.xz
|
||||||
# The complete set of authorized GPG signing keys is not published
|
# No keyring with authorized GPG signing keys is published
|
||||||
# (https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/331), and
|
# (https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/331), but we
|
||||||
# the signature is over a cryptographically-weak SHA1 checksum file
|
# are able to verify the signature using the key for Kjell Ahlstedt from
|
||||||
# (https://gitlab.freedesktop.org/cairo/cairo/-/issues/458), as initially
|
|
||||||
# reported in https://gitlab.freedesktop.org/cairo/cairomm/-/issues/25.
|
|
||||||
# However, we are able to verify the signature (of the weak SHA1 checksum)
|
|
||||||
# using the key for Kjell Ahlstedt from
|
|
||||||
# https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/290.
|
# https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/290.
|
||||||
Source1: %{src_base}/cairomm-%{version}.tar.xz.sha1.asc
|
Source1: %{src_base}/cairomm-%{version}.tar.xz.asc
|
||||||
Source2: https://gitlab.freedesktop.org/freedesktop/freedesktop/uploads/0ac64e9582659f70a719d59fb02cd037/gpg_key.pub
|
Source2: https://gitlab.freedesktop.org/freedesktop/freedesktop/uploads/0ac64e9582659f70a719d59fb02cd037/gpg_key.pub
|
||||||
|
|
||||||
BuildRequires: gnupg2
|
BuildRequires: gnupg2
|
||||||
|
@ -107,27 +103,17 @@ The API/ABI version series is %{apiver}.
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
# https://gitlab.freedesktop.org/cairo/cairomm/-/issues/25
|
# Import developer’s public GPG key to a keyring that we can use for signature
|
||||||
# The .sha1.asc file in %%{SOURCE2} is a signed-but-not-encrypted copy of the
|
# verification.
|
||||||
# corresponding .sha1 file; see the description of the --sign option in
|
|
||||||
# https://access.redhat.com/solutions/1541303. We “decrypt it” using the
|
|
||||||
# signer’s public key from %%{SOURCE3} to obtain a verified copy of the .sha1
|
|
||||||
# file. To do so, we must first import the public key into a keyring; see
|
|
||||||
# /usr/lib/rpm/redhat/gpgverify, which is the implementation of the %%gpgverify
|
|
||||||
# macro, although we cannot use that macro due to the unconventional signing
|
|
||||||
# scheme.
|
|
||||||
workdir="$(mktemp --directory)"
|
workdir="$(mktemp --directory)"
|
||||||
workring="${workdir}/keyring.gpg"
|
gpg2 --homedir="${workdir}" --yes --import '%{SOURCE2}'
|
||||||
gpg2 --homedir="${workdir}" --yes --no-default-keyring \
|
gpg2 --homedir="${workdir}" --export --export-options export-minimal \
|
||||||
--keyring "${workring}" --import '%{SOURCE2}'
|
> %{name}.gpg
|
||||||
gpg2 --homedir="${workdir}" --keyring "${workring}" --decrypt '%{SOURCE1}' \
|
|
||||||
> "${workdir}/%{name}.sha1"
|
|
||||||
pushd "${workdir}"
|
|
||||||
ln -s '%{SOURCE0}'
|
|
||||||
sha1sum -c %{name}.sha1
|
|
||||||
popd
|
|
||||||
rm -rf "${workdir}"
|
rm -rf "${workdir}"
|
||||||
|
|
||||||
|
%{gpgverify} \
|
||||||
|
--keyring='%{name}.gpg' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||||
|
|
||||||
%autosetup
|
%autosetup
|
||||||
# We must remove the jQuery/jQueryUI bundle with precompiled/minified/bundled
|
# We must remove the jQuery/jQueryUI bundle with precompiled/minified/bundled
|
||||||
# JavaScript that is in untracked/docs/reference/html/jquery.js, since such
|
# JavaScript that is in untracked/docs/reference/html/jquery.js, since such
|
||||||
|
@ -185,6 +171,9 @@ cp -rp examples %{buildroot}%{_datadir}/doc/%{name}-%{apiver}/
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Feb 20 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 1.14.2-8
|
||||||
|
- Verify source with new strong signatures from upstream
|
||||||
|
|
||||||
* Thu Feb 18 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 1.14.2-7
|
* Thu Feb 18 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 1.14.2-7
|
||||||
- Working (but weak, dependent on SHA1) source signature verification
|
- Working (but weak, dependent on SHA1) source signature verification
|
||||||
- Added API/ABI version to descriptions
|
- Added API/ABI version to descriptions
|
||||||
|
|
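Review bot: In the new %prep block the keyring passed to `%{gpgverify}` is whatever `gpg2 --export` yields after importing `%{SOURCE2}`, and nothing in the spec records which key that should be, so a replaced or extended gpg_key.pub would be trusted with no visible change here. I would add a comment above Source2 such as `# Expected signing key fingerprint: <FINGERPRINT_PLACEHOLDER>; re-check against upstream whenever gpg_key.pub changes`. The exported `%{name}.gpg` is also written relative to the current directory and never removed, and `rm -rf "${workdir}"` is presumably skipped when either gpg2 call fails; writing the keyring inside `${workdir}` and removing the directory after `%{gpgverify}` (or from a `trap`) would avoid leftovers. If the installed gpgverify script already dearmors an ASCII-armored keyring, which I believe it does but cannot confirm from this page, the import/export step could be dropped in favour of `--keyring='%{SOURCE2}'`.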
2
sources
2
sources
|
@ -1,2 +1,2 @@
|
||||||
SHA512 (cairomm-1.14.2.tar.xz) = aef374fca25ad22770407e36512046b266d71ebeccd47fb629cfbf2f67783aa314bb335b972088a88d98417a4774d6f144cd2769c452f8aa23770eae08dca592
|
SHA512 (cairomm-1.14.2.tar.xz) = aef374fca25ad22770407e36512046b266d71ebeccd47fb629cfbf2f67783aa314bb335b972088a88d98417a4774d6f144cd2769c452f8aa23770eae08dca592
|
||||||
SHA512 (cairomm-1.14.2.tar.xz.sha1.asc) = 992f2ab7be68ce7570ba49efa40cc12cc2d2ed13983127892f1335401a184f3cb35e1a4b422d7ff0d234a0085bbc0dac9c84f183133f40ac47e668fb6d21f3c6
|
SHA512 (cairomm-1.14.2.tar.xz.asc) = b2b9c79d4fb2b43f30599a1bcb5138bf375962728e173514a2ee8b69bed2e7a78a8a4818258e0aec0138c953597f3e6cf83cd3b99b3e3a1538afcc0c23f6a7c1
|
||||||
|
|