From fb70dcda8570db64513630c3e62352af973a9987 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Sat, 21 Oct 2023 01:13:32 +0200 Subject: [PATCH] Check GPG signature Signed-off-by: Peter Lemenkov --- 6E6EF9A0BA478006E2776E4CC037BB413134D111.gpg | Bin 0 -> 3839 bytes flashrom.spec | 28 +++++++++++++++---- 2 files changed, 22 insertions(+), 6 deletions(-) create mode 100644 6E6EF9A0BA478006E2776E4CC037BB413134D111.gpg diff --git a/6E6EF9A0BA478006E2776E4CC037BB413134D111.gpg b/6E6EF9A0BA478006E2776E4CC037BB413134D111.gpg new file mode 100644 index 0000000000000000000000000000000000000000..c0e7f2029b56a4820ff06351d7d0edc7d0e01f94 GIT binary patch literal 3839 zcmb`~c|6ql9|!QSF_UAQD@>vpg(Ua&Gj0+&lUvF?j+hzDV8-N@J4fzwM#V;oGDaxc zii)zOBx=&;CQD%r<5=77wticA?Bn;_Kj-t;^YMDm>;0Z7VmS}iT3!6e4+e_hc7#j3 z3OC=csIw)oH*HMzUW{9oP4D(MDV)xsZ&Y6JEu4F)Zvt~-x#m5Q847tVBTln_N~!Wa zAozy#ESIoO;jdM407m)g3S=iEwfVvaahrl!~~k%l3&`WoS12#(<560ko4NDE&!%jn5{>rPcNPr zZmQ}4nV%dCyz<>pskl;n86!+#0AJ~Qd|kFQ8*Sw;{Nsg&m$U6f*57Re{jedDt;=b9 z@F#{OaLu!WHk$2X#OK4h5hO8>tM8&;arnu_pB`5}g!WOr8l7=dZSIO@UGC1>MP#vP zlRcvTNZ$lbIEIc0NN`_osH_g-HgG8Qd_`1+^xdn+>=AXBvVP13b!FPhw5?GPhYa%t zR~(zeUkA(^S6zQ%X8Sn&R9%I>;#pJ5of1`|~k>KR~tt zzj&AU){kxUdAN*Bqn1UfC`lhES6IlwU%7i>VqkXFWo+tn?yD3}E2`ud*w0E|EY>#= zCGUkr>n0OE88tSIzl*+$gr(2XJ4bnBq_>`4p5Q`SQL^q zO(!Kz9DxzuE64b&nW$3te*xS~Gspw;DMTD`^8*?u?~VGBxD7~P;!FQlV)#{njPG$k z_Lec$>J`o*>mkrwE-S1LP$s|?pJjW?2N((9RqjWq9I_}DP5VlQe-N=jD2%5+7Wey{ z|DNIh0VF#EWjnp9d61oLlgm6cKEOj$9qUz@Fo05Y@)(qVRbk^Pcyzy*6O(YvG3pUj z>RTCp2Kr-su>Wd=RtZ1}n?GEww@}em=^>ZB=3;q=p*Q$7KuJ#=i%SJ7lMK5e?HpD` z#^_hNuYEhh|E|j4Bm8oV+k`4uy>-TNhk;^HUwC1hX61;d?3!z_(#sLEf9aI@uqmD&UC@9QCtM|t^Suz^@#;^#QGBe`$W`mI_@ z6;Q4gzqeo|OW2{X`oZ98LeHa=>sU6>NryN_|kbfe(N$V4BNidpX0KtXhT?X8;RH4tZ! zxpf8ibF=&B4^ySTHt;|9j@;J86Zwg#w*8(K_zG@wl>*m>F>2VckWP^?pIe@tSWB{I@%Z z3kvkW`Tgr#l1~UIm)ye%uUR#`H;{5v_P^|Y9JEkF)3urb+_#!FT{htu<#B54di zqlHn$zcq1ODDICl7z|eA2LVbDkcn&70U0rbt-bAG1PUD#h$W&?7(4=x3PEokeLTt= zfyE${6%|$G6xHQa6t^}7E)S4{AJaZq3gt?dMV}La)va{j#dFgD${G5~n0C^KLxs{t zqr`eEYhqd(Kt*h;`t9&-MS1>@sI$`m*&%dV?RxBe9zQvfA25S-n@j243y?h)pob2) zR}!LI-^E+)2Ob)sFCv@4+?&5cmxB5DfV0*m*yF{!PPUjoGx%6JOxw5YRn!wWx^$^; zQI#8E`BT17X3XNgvuPT#$2l^*3F7mryKNTL8HDiz;};x>l37x5Oq6wpg}P&_!pzWX z_gLG07-USu>C~CT)z_HQ^uo%crBKf>#ifuo?abKmU3U}_yEzhEe`a>?mfct0(5iFB znU$Z##)@8f&iQK8d#$Di8Ad%`tvfpxNvwmu1%@F_ogneV^4V*Fdy^8Pm4{62ARK)= zdf@@77tNS%_iAfaRMf(0e7m}AF3b6q9$|IQe15RGYyFp{RIdD{ksK%51MBAQo8pj^ zsyym#+C{fRsVX?>uJVeZ{E}q_?&h+oJuZC>^QRTu233q_O%{*BcbW*SHH@^XO+tr^ z=RQDPmGP;aaO&uLTk!}k465hJuDTXAZ_$MsVvneU`xj9kh)%-{JAe z5_keUZ@5S;(hCcB9%_H-?bQ;~e{@8wwJd@&YRy1iDoK%EFg{Uk5n-vxyfbt+p7t!q ze-t`YFFCm4^70vU1#D&~+sb&eH0c1Rj&lncHTzc1&3a@!qIJ3r94m=&Znr!0f|W-p ztPd-CD%wY~OiSXBkfGN!+I+4gg+seDU796)?5V7Mft&LIdp40HZZ?=Yr#j+7ke#k@ zN?%h1VYhiv+`AQt8*c5p*(#;y0agg_hNbvQwuMsDs2OnKYAZZKTGBu)K#I zv$SI~p2CLgvNs68FY9aG&0hQgVlr@cP1jyY(H6!{LDhA;CKW6ZIr!$|FNInt?Z^5r zi8b|_+&X#_7o+;-6l0|0k&kysMeP#~p3lgoi2OKx^=hBVTgE#9<;r2U@Z#A-)cg-H zseYH~TAsGxQcom2mfsDJx$#=@-gMkJ=9Zr!O%=j zmE=+}n%|;JzMWtcQC-NZt%OB0o)|xvPn-;eVq#g}(kDg>f>-!{bk2X-e?HFulaYFC zO`K_Yx+tMG+zxiKVg2ecSGkO2{YkfcskZ5;Bq(s3gw?yKN6%lxdS<4cn(nT}xh=?K ztz;Fd7n^z=-1(+rUgoaB1GZ!o7`FKrMr^y|T=lh6C-oX2A8#}tK?TE>bTZx~RWOhi fs=h0_K$*~Eb)|uMrReih0|frIR@iNh57oZ{Sw977 literal 0 HcmV?d00001 diff --git a/flashrom.spec b/flashrom.spec index 894f605..e72bea3 100644 --- a/flashrom.spec +++ b/flashrom.spec @@ -1,21 +1,33 @@ Name: flashrom Version: 1.3.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Simple program for reading/writing flash chips content License: GPL-2.0-only URL: https://flashrom.org Source0: https://download.flashrom.org/releases/%{name}-v%{version}.tar.bz2 - -BuildRequires: gnupg2 +Source1: https://download.flashrom.org/releases/%{name}-v%{version}.tar.bz2.asc +# Find which key was used for signing the release: +# +# $ LANG=C gpg --verify flashrom-v1.3.0.tar.bz2.asc flashrom-v1.3.0.tar.bz2 +# gpg: Signature made Wed Feb 8 03:57:51 2023 CET +# gpg: using DSA key 6E6EF9A0BA478006E2776E4CC037BB413134D111 +# gpg: Can't check signature: No public key +# +# Now export the key required as follows: +# +# gpg --no-default-keyring --keyring ./keyring.gpg --keyserver keyserver.ubuntu.com --recv-key 6E6EF9A0BA478006E2776E4CC037BB413134D111 +# gpg --no-default-keyring --keyring ./keyring.gpg --output 6E6EF9A0BA478006E2776E4CC037BB413134D111.gpg --export +Source2: 6E6EF9A0BA478006E2776E4CC037BB413134D111.gpg BuildRequires: gcc -BuildRequires: meson -BuildRequires: pciutils-devel +BuildRequires: gnupg2 %if ! 0%{?rhel} -BuildRequires: libjaylink-devel BuildRequires: libftdi-devel +BuildRequires: libjaylink-devel %endif BuildRequires: libusb1-devel +BuildRequires: meson +BuildRequires: pciutils-devel BuildRequires: systemd BuildRequires: zlib-devel %ifarch %{ix86} x86_64 aarch64 @@ -41,6 +53,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release} Files for development with %{name}. %prep +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %autosetup -p1 -n %{name}-v%{version} # Replace GROUP="plugdev" specifiers with TAG+="uaccess" sed -e 's/MODE="[0-9]*", GROUP="plugdev"/TAG+="uaccess"/g' util/flashrom_udev.rules -i @@ -70,6 +83,9 @@ rm %{buildroot}/%{_libdir}/libflashrom.a %{_libdir}/pkgconfig/flashrom.pc %changelog +* Sat Oct 21 2023 Peter Lemenkov - 1.3.0-4 +- Check GPG signature + * Wed Jul 19 2023 Fedora Release Engineering - 1.3.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild