diff --git a/.gitignore b/.gitignore index 879ab87..c2b7188 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /cpio-*.tar.bz2 +/cpio-*.tar.bz2.sig diff --git a/cpio.spec b/cpio.spec index 3518aa0..adb4f88 100644 --- a/cpio.spec +++ b/cpio.spec @@ -1,14 +1,19 @@ Summary: A GNU archiving program Name: cpio Version: 2.14 -Release: 2%{?dist} +Release: 3%{?dist} License: GPL-3.0-or-later URL: https://www.gnu.org/software/cpio/ -Source: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2 +Source0: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2 # help2man generated manual page distributed only in RHEL/Fedora Source1: cpio.1 +Source2: https://ftp.gnu.org/gnu/cpio/cpio-%{version}.tar.bz2.sig +# https://savannah.gnu.org/projects/cpio/ lists one maintainer, gray +# and their GPG key is https://savannah.gnu.org/people/viewgpg.php?user_id=311 +Source3: gray-key.gpg + # We use SVR4 portable format as default. Patch1: cpio-2.14-rh.patch @@ -47,6 +52,7 @@ Provides: /bin/cpio BuildRequires: gcc BuildRequires: texinfo, autoconf, automake, gettext, gettext-devel, rmt BuildRequires: make +BuildRequires: gnupg2 %description GNU cpio copies files into or out of a cpio or tar archive. Archives @@ -64,6 +70,7 @@ Install cpio if you need a program to manage file archives. %prep +%{gpgverify} --keyring='%{SOURCE3}' --signature='%{SOURCE2}' --data='%{SOURCE0}' %autosetup -p1 @@ -102,6 +109,9 @@ make check || { %{_infodir}/*.info* %changelog +* Sun Jul 16 2023 Stewart Smith - 2.14-3 +- gpg verify source tarball + * Mon May 29 2023 Lukas Javorsky - 2.14-2 - Release bump diff --git a/gray-key.gpg b/gray-key.gpg new file mode 100644 index 0000000..87daece --- /dev/null +++ b/gray-key.gpg @@ -0,0 +1,31 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.7 (GNU/Linux) + +mQGiBDxhQHkRBACyhJxCLQvLs70IUZSlYVKAm+u1Oa4RyUo5/ctCcMm2KOcjui3z +xs+yUwlglo1n/de9NNJY98PJNLHniMVi5sPba8OKwYx9bilwuAWLgTsgfpX8UuuY +TANQmTybmrxjzxrGqN7eyjBT3utgbK3ACKDo/JUCgZMkdFu2c2i7186sDwCgo9pQ +ygxOOWEWBm70Rymdfvkon6EEAKY5h9nL1qYw46vM1+QY+vhyX2lHTD/E9QyFQv4L +driY3CerLAZ07yk5p8I6T31d7HEUt9DZcl0ZD99Y9IH84wWvms1xtnCuoLlP4ntw +FQ5ZUZtMY0AIVRtFbgkTDDLZsdanscqMu/LqnO2/QWjCQhaO/tcaIdPVgBIbCr28 +fuBJA/9KA5vbQBd4WnNFLVJsr47irnJBYdR+OqPQAUFUcQPO1metR76UZ7+7LwtO +ldAjPN3RDJtRB8/JooHDNq+VCEzjs02JaBpQ+BCOzzqELnkoBPl26yHR56r4WbC5 ++FH/QxEaicjVGxIF/Z9crzG/XUMXwieTNcM6HoGCnMboGqCM4bQjU2VyZ2V5IFBv +em55YWtvZmYgPGdyYXlAZ251Lm9yZy51YT6IXgQTEQIAHgUCQ/CVdwIbAwYLCQgH +AwIDFQIDAxYCAQIeAQIXgAAKCRA2ArB/VdDHMubqAJ9tq+C7VtEMexpRAq9jzcKo +5fZFywCeKtqljjB7nsCIKvZNOV1D4fn7HDm0MlNlcmdleSBQb3pueWFrb2ZmIChH +cmF5KSA8Z3JheUBtaXJkZGluLmZhcmxlcC5uZXQ+iFcEExECABcFAjxhQHkFCwcK +AwQDFQMCAxYCAQIXgAAKCRA2ArB/VdDHMg3iAKCVtLVewNzCDfjui1wTWmz73IcU +aQCcDjK4771A6G/z6qX5bDuK1yL/YeSIRgQSEQIABgUCP1tgaAAKCRCjCdZ5GaIl +R3GsAJ9IHf/Rl/2+eR03mdAe+AeSTaBfagCfUsLc7/wp+fb7Xo6lKQezvJzGBqu0 +IFNlcmdleSBQb3pueWFrb2ZmIDxncmF5QGdudS5vcmc+iF4EExECAB4FAkPwlbUC +GwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQNgKwf1XQxzJFSgCeNYJSs7nalOVI +MTJB3Ui6NvKL/nAAni1KxoLZr/+jG5iAnhuuL+ijq54GuQENBDxhQHwQBAD3qEph +UOWRg9C8hSJpZ9Zo8F+hXnF6mvMWuy76R+yHqg4H5CPWSH116lOKl5xpGeXdOOzM +5OxGgdEChb+jLoszM9rc3HQfcKAQmFMd03Iay4/5jMAS+vNgCfDV98nj6gU0Y3ku +UdTkyMPDObQWv1ginAnkoOVXb7nAVW/X5n8izwADBQP8CPuRROj2FC+w2tTXDgaJ +am9PEm1coHRJAoHef1nBZfOAOZLjRD10wBg2m8q2EUJ4/mr/1D0whTINThJkvmZk +RGVkuNILeC3X5dMQ1AX4fIOOnVObWVrlg5etH8ichIOYOUOqCx/cuV9F6Apg9PE6 +vcFqmh4BoOlb0qOaIdzN1sWIRgQYEQIABgUCPGFAfAAKCRA2ArB/VdDHMlPgAKCM +9FxutfWWvZqNKW5up6GnB4y6WwCeN5k4mxck975PULOk8jq/ZqLGvnQ= +=5lxD +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/sources b/sources index be165ed..dc8b33d 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (cpio-2.14.tar.bz2) = 2dc93a81e31b6fb7ff9976243d22ca7a84bb396c7ad09e0abfb5d5efae1164ebb319fb89be45045797f8c604b3e3d2ea0746e3cfe559aa86282ea4ec9a17da28 +SHA512 (cpio-2.14.tar.bz2.sig) = 48b587da0cbd93b4d5b23668f1fd6ec24c01a272142578644fb93a67f0467fb507ec8a0a8e11696930c959c9508dd1983d20955a265bd0cdc1c2880dd4e2c559