From 4e0f331329c74aa91c00edd3e9bbea4fe204466e Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Thu, 11 Oct 2018 12:13:24 -0400 Subject: [PATCH] Simplify gpg verification of Source0 The verification was simplified slightly in 903d8f3 ("Remove EL-5 and old Fedora conditionals", 2017-07-22). Further simplifications: - do away with unneeded variables - drop '--batch' and '>/dev/null' from gpg2 --dearmor - check tarball signature via stdin The "noisy output from GnuPG 2.0" alluded to on EL <= 7 is no longer present. This has been tested in mock for el6, el7, and fedora releases. --- git.spec | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/git.spec b/git.spec index b70b034..57e981b 100644 --- a/git.spec +++ b/git.spec @@ -431,16 +431,12 @@ Requires: subversion %prep # Verify GPG signatures gpghome="$(mktemp -qd)" # Ensure we don't use any existing gpg keyrings -key="%{SOURCE9}" -src="%{SOURCE0}" -# Ignore noisy output from GnuPG 2.0, used on EL <= 7 -# https://bugs.gnupg.org/gnupg/issue1555 -gpg2 --dearmor --quiet --batch --yes $key >/dev/null -# Upstream signs the uncompressed tarballs -tar=${src/%.xz/} -xz -dc $src > $tar -gpgv2 --homedir "$gpghome" --quiet --keyring $key.gpg $tar.sign $tar -rm -rf "$tar" "$gpghome" # Cleanup tar files and tmp gpg home dir +# Convert the ascii-armored key to binary +# (use --yes to ensure an existing dearmored key is overwritten) +gpg2 --homedir "$gpghome" --dearmor --quiet --yes %{SOURCE9} +xz -dc %{SOURCE0} | # Upstream signs the uncompressed tarballs + gpgv2 --homedir "$gpghome" --quiet --keyring %{SOURCE9}.gpg %{SOURCE1} - +rm -rf "$gpghome" # Cleanup tmp gpg home dir # Ensure a blank line follows autosetup, el6 chokes otherwise # https://bugzilla.redhat.com/1310704 
@@ -920,6 +916,7 @@ make -C contrib/credential/netrc/ testverbose %changelog * Tue Oct 23 2018 Todd Zullinger - Skip test BuildRequires when --without tests is used +- Simplify gpg verification of Source0 * Mon Oct 22 2018 Pavel Cahyna - 2.19.1-2 - Update condition for the t5540-http-push-webdav test for future RHEL
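Review bot: in the %prep hunk, the `gpg2 --dearmor` step still writes its result as `%{SOURCE9}.gpg` beside the key in the sources directory, and the closing `rm -rf "$gpghome"` does not cover that file. Only a stale copy left by an earlier build makes `--yes` necessary, and the step needs a writable sources directory. Consider adding `--output "$gpghome/keyring.gpg"` to the dearmor call and passing that path to `--keyring`, so the keyring used for verification lives and dies with the temporary home. Two smaller points on the same hunk. The signature path changes from the derived `$tar.sign` to `%{SOURCE1}`, so a short comment stating that Source1 must be the detached signature of the uncompressed Source0 would help the next packager. The `xz -dc ... | gpgv2 ... -` pipeline takes its exit status from `gpgv2` alone, which is the status that matters for verification, but a comment noting that a failed or truncated decompression is caught by the signature check rather than by the `xz` exit status would make that intent explicit.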