Add source signature check

Cannot use %{gpgverify}, because tarball is not signed directly.
2021-03-19 11:15:34 +01:00 · 2021-03-19 11:15:34 +01:00 · 0e7b0e19cd
commit 0e7b0e19cd
parent 591301b2f0
4 changed files with 74 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 /dhcpcd-6.11.2.tar.xz
 /dhcpcd-6.11.3.tar.xz
 /dhcpcd-9.4.0.tar.xz
+/dhcpcd-9.4.0.tar.xz.distinfo.asc
--- a/dhcpcd.spec
+++ b/dhcpcd.spec
@ -1,3 +1,6 @@
+# Requires explicit trust in builder's keyring
+%bcond_without SIGCHECK
+
 Name: dhcpcd
 Version: 9.4.0
 Release: 1%{?dist}
@ -7,12 +10,17 @@ URL: http://roy.marples.name/projects/%{name}/
 Source0: http://roy.marples.name/downloads/%{name}/%{name}-%{version}.tar.xz
 Source1: %{name}.service
 Source2: %{name}@.service
+Source3: http://roy.marples.name/downloads/%{name}/%{name}-%{version}.tar.xz.distinfo.asc
+Source4: http://keys.gnupg.net/pks/lookup?op=get&search=0x597F97EA9AD45549&options=mr#/roy-marples.name.asc
 BuildRequires:  gcc
 BuildRequires: systemd
 BuildRequires: chrony
 BuildRequires: systemd-devel
 BuildRequires: ypbind
 BuildRequires: make
+%if %{with SIGCHECK}
+BuildRequires: gnupg2
+%endif
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@ -22,6 +30,13 @@ that supports IPv4 and IPv6 configuration including configuration discovery
 through NDP, DHCPv4 and DHCPv6 protocols.

 %prep
+%if %{with SIGCHECK}
+GPGHOME="$(mktemp -d ./gpghome-XXXXXXX)"
+gpg --homedir "$GPGHOME" --import %{SOURCE4}
+gpg --homedir "$GPGHOME" --verify %{SOURCE3}
+rm -rf "$GPGHOME"
+%endif
+(cd %{_sourcedir} && tr -d '\r' <%{SOURCE3} | sha256sum -c)
 %autosetup

 %build
--- a/roy-marples.name.asc
+++ b/roy-marples.name.asc
@ -0,0 +1,57 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: SKS 1.1.6
+Comment: Hostname: sks.pod02.fleetstreetops.com
+
+mQENBEkrCoIBCACyCfZ4qEaFPi33OT1EYDziIOb5KnvW3E9zP7O8oHGmhzi+v11XAsShyiQC
+FaKD3QgQ/Ra5TV6mjfjV2fPjSXp6wVy9ojvmIFpvIgu1AQJIqkYl0jpVJFNT1n9RcI3RkZdY
+Ybxkncmp3M8NMhWo0Txpuw6dx2c7gLeQp0PQiwJUPiLS1rUwKQLFGnPfvMu4koCoxeyYydij
+R8XuMmEk3KkYxqDKw81IljwhvOiJa9AVik01GMnEC+9xQcrdaa5+0yqPt3n/9WrGk+yC2oLi
+SjGgJHNB7niU716gf5HVUYrqEdiuVw4+scSjEdCOmRoWcq6D84EIkoXXX0gurSLcHh7xABEB
+AAG0HlJveSBNYXJwbGVzIDxyb3lAbWFycGxlcy5uYW1lPokBHAQTAQIABgUCSSxa7gAKCRBf
+dzkxFbItldFCB/wK+64oQk0Cj0tJ+GPC4bkaa/Jf0xrKBbi6SlkombzoLs0yfcqht1cWYhH6
+a3hKm9OSX2TWJSUD0EljhxMSzmTDyFqTbapi3fsenY740A6rkqmiFSOYv0MpB4alSawIyST+
+xM1fFSHYov86dQdGFAlz1nev1XrmR9dn17ntGvJ2u2HYMQhma8hNXsXHQxxBxlLE41pMNlVO
+F2X3d/0sVLgfXXcIN/q2mf6IUUyOn42NU82vqk5OMT0Tv8fY/OYy2HZVQjni9YVC6X8wcJ7Y
+5iZFoI0K2rjyuCz83r7TDWvQn+Vm7yfTiXU1oeW203dsNbjvuGtKrgdaxprwuc0+OhxqiQE2
+BBMBAgAgBQJJKwqCAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQWX+X6prUVUm6tQf/
+T4V6u5See/+uzZo6ReU7pCINQLKPETT1+RLqCYq+xnrOTguL7dzTFNu3z6qcjeu03G2WoCKr
+Jmp5sFMyN0bZOhesUONdpirc5MiVSy6ddU6bPfss7AWx9/hNO3gdxuFwx4Bc0jZtpt0lzc14
+02ao+ShMn0FMTSXmCzAhO/lfQ3Cs4p/kZAI3jK7wI4Lp/xsC9sGMpOJFo6KZXJlZQNxuiY35
+Tn9ZknXPoBWCHCuJVwaGPihkBjlpf1A/Gd/R+U/+g4vFc5mdQ71RUCkT7CUd/hIXNtw9YR1s
+z2yrf4QGj6H77zHFLLNlCuGRjQOjv2hqAs7cD5Ag+SMHHwHsw5co5IkBOQQTAQIAIwIbAwYL
+CQgHAwIEFQIIAwQWAgMBAh4BAheABQJJPl+PAhkBAAoJEFl/l+qa1FVJhBMIAKgNBVUm5sOu
+FBEx+7rRP1dkU6vFZio0sIWgKtj22TYqqmqfK/0zOMf3ztefkf1F63H2kuwB9r0q+vThzGar
+emDK5m2ewFxFUOm30pj1T/6M2s7Edz5Y8glrIDScRVvpajeCKSWg8hnrxyS053OddrA+vWEW
+fSQPE3OVfeXvv6gtf64ttA7Z/hWEyHlOftZJwHr4RHMO973nnkpffT7tFNBKlI9q/hbBLt8E
+DXtJ7iUBwwL//8GP0e1NIMtFSlYvDDATyd0mUn1CxznVc7oszZ/Txf5jvEZTgWQNWprqvqCV
+QnTSS3fIJmZft0XEyWlzfYg7YqU8a3kXqZBi7CVds6e0JVJveSBNYXJwbGVzIChOZXRCU0Qp
+IDxyb3lATmV0QlNELm9yZz6JARwEEwECAAYFAkk/+kgACgkQX3c5MRWyLZXtJwf+MUN0DsV7
+DmUFOPNOTHmiwcsdDJoKw6Ay2PbJZcrZuQZo0snkXWnKH4YAKoFdppBlRUvOiz8OQ8Z1ySRS
+y4NuVmFHkuOchg0iHy+g3hCwxU1HVMXUTixxsuab9EIJ6VZVCsbQR6l6yW10tZsGX1v+uTJ6
+/hgTojB8uSftVIKzIGxqZrLUKV+lU7BnQB7C1bqYBn9Rj+S33l99M2R1V1QMjXM+VXdO8De1
+5gb9q8oYGAfnHry6b3oL6/yW5hyERNaBHrkk33XXYiyFG9+JamcWfgEtZdw9DGvJqccZljUa
+wWPmB3ILYIt9VZAbxK+23flZB5NTf/KPcmMrqRgB38THsYkBNgQTAQIAIAUCST5fbwIbAwYL
+CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEFl/l+qa1FVJRSEIAINSIaIn+P1xbaRHYGHsZvp5
+naorkabdHJNm7YlfiN50XONCkR8Lw2pYwjQKSYEeuIzJPHJRly/QkmeNWQlVzlFkYI/kFy/U
+pdWNqkCHv1fpq5ZdvSPemRiGiRqFPlLAHObgo0tbI46tfOr9eQrAqRbNGVgguqWE5e37LnwS
+CO5YYKm64pD4ObAcYgr3afBbftnMI/GHrI3IBzLBOGgpjNXP9trSr9e6rOMxFX3MKp5JBJ1z
+cVeQewGdLbq2aimCqmT75P19GBrpg4gPAVo06WGDi7csmfo9ffWFnpetUt+cDCM7zD5tcG/J
+TWyvw+b8ctXoceFtJFkkjHaZGBjkHpKJATgEEwECACIFAkuAGkkCGwMGCwkIBwMCBhUIAgkK
+CwQWAgMBAh4BAheAAAoJEFl/l+qa1FVJHnMH/2zHxpWdNcfMCkOvUo9ZVGjS2K57fKCIb2EH
+whyQPqFcY4OtFYNCJC75s4imY5ym24PCeFxxXG8GLMqgVtK5Bbrnx0UMI68x6UzP+2ap+SBD
+FE7FaudCAbdX48ABkrHdLA7VzB+Bk/AbpqEIKz86o8NFVFdAxMLdwrLdTjGG3figbGEOqBIl
+Fog5c+9ijn8uvhRYW3dIb6b4hQ6laOfmZwKAThVhx3Dk9RBH9DkHe7jD8+PJ05zdCgAa0cx7
+w7C/eMcpNNakPLASpgzCEmVCobgpuoEcZXmEv8hJZYQ3bzzKEIHhzQNd5Ack7r7r5MrFspD6
+y5Q419DybL3NiU9gcdi5AQ0ESSsK+gEIAMOYyNnU8QvuP68M3ODgzy3NgqwUViZCTXKiaJhp
+CgQWTvVYHFMN/DSCBKIWjpJnB11rVlzeRRO6sjOBl9wiIOCcvv20Soc2sRdysTH7K4stgLFI
+FXIqT9QxGeaJwe+loSwjtbrCZW7G90H4DMfhM/VbEZjv817434XNIAd3fn2sykOnwm9B8vMd
+y8jk1/vj+/lmU/YYFkHLKausbkr+FHRaBLJyBBin/Po5D953BaSe/ATN2IGHSfPo0P4hqJ/G
+8Tg8QTeBysDk1UpxePY4Sas/rlkmyi/4ssn65BwsUe9W4BxOjX4XO5Pkg368CVo8/rk13uGq
+zqFFFkShj1BaRtEAEQEAAYkBHwQYAQIACQUCSSsK+gIbDAAKCRBZf5fqmtRVSU5lB/9NdyON
+WDwonoiRs7zNV2bf4+aUSS6G/koWHEuAlTRANWF2mzU52YrmTwqxd139DajXeM3jltWKtFqK
+sswQspG4tqLfKoOWhRdr3HrrSfs5FigPoY5l9Uhl9UlaoxNVFfOybW8a2wmh3Z0ouSieotCN
+OfZlE7yx1CZgL7bLkq27Z0zsZ3ZaMwrZPSbfpR9L7qecur10YzEeP71+se7uDcCUn4mdop6C
+mTu5IXZdtOU69XtFPJeYlTJ9UoH7RTSyTT4Cnj6PRmWTlbcHwfNOBejvUP6ekXr6trbieBXx
+0OuYJlrqr/3dFJ9uVr9c3P0axtoidtsvdpu3viHM2kkn9k7p
+=9NEt
+-----END PGP PUBLIC KEY BLOCK-----
--- a/1
+++ b/1
@ -1 +1,2 @@
 SHA512 (dhcpcd-9.4.0.tar.xz) = e2cff86564062e8d5f9c8f48f245ffa31406494e2fafadedabc1ba9932b534cbda064783ffdd7fb337544459aba2ef7e9b49ad0973120897dc04159747e8635f
+SHA512 (dhcpcd-9.4.0.tar.xz.distinfo.asc) = ab2ae979821db04c754e807ed302a748a08dd859894959e4e687093df728dff4411cfb77e1913522049743e07aa504b778d3f01b5cac5ba55c99e243fd4d9845