From cc71597c8bc44f3d7e54ebb49bf59432929b9bbf Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Mon, 9 Jan 2023 10:44:40 +0100
Subject: [PATCH] verify GPG signature of upstream tarball when building the package

---
 .gitignore | 1 +
 libnice.spec | 15 +++++++++++++--
 olivier.pgp | 44 ++++++++++++++++++++++++++++++++++++++++++++
 sources | 1 +
 4 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 olivier.pgp

diff --git a/.gitignore b/.gitignore
index 97f428b..240d4fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /libnice-0.1.[0-9][0-9].tar.gz
+/libnice-0.1.[0-9][0-9].tar.gz.asc
diff --git a/libnice.spec b/libnice.spec
index c4e8ef5..8acf17a 100644
--- a/libnice.spec
+++ b/libnice.spec
@@ -1,15 +1,22 @@
 Name: libnice
 Version: 0.1.21
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: GLib ICE implementation
 License: LGPLv2 and MPLv1.1
-URL: https://nice.freedesktop.org/wiki/
+URL: https://nice.freedesktop.org/
 Source0: https://nice.freedesktop.org/releases/%{name}-%{version}.tar.gz
+Source1: https://nice.freedesktop.org/releases/%{name}-%{version}.tar.gz.asc
+
+# gpg --recv-keys 1D388E5A4ED9A2BB
+# gpg --output olivier.pgp --armor --export olivier.crete@ocrete.ca
+Source2: olivier.pgp
+
 # Build against the new gupnp-igd
 Patch0: libnice-gupnp-1.6.patch
 BuildRequires: glib2-devel
+BuildRequires: gnupg2
 BuildRequires: gnutls-devel >= 2.12.0
 BuildRequires: gobject-introspection-devel
 BuildRequires: gstreamer1-devel >= 0.11.91
@@ -50,6 +57,7 @@ developing applications that use %{name}.
 %prep
 %autosetup -p1
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 # disable tests that don't work in koji environment
 sed \
@@ -99,6 +107,9 @@ sed \
 %changelog
+* Mon Jan 09 2023 Kamil Dudka - 0.1.21-2
+- verify GPG signature of upstream tarball when building the package
+
 * Sun Jan 08 2023 Stefan Becker - 0.1.21-1
 - Update to 0.1.21 (#2158912)
diff --git a/olivier.pgp b/olivier.pgp
new file mode 100644
index 0000000..b95ffa8
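Review bot: The provenance comment above `Source2` identifies the upstream key only by the 64-bit ID `1D388E5A4ED9A2BB` and then exports by e-mail address, so the recorded steps do not pin one specific key and do not guarantee that the exported key is the one that was fetched. Recording the full fingerprint and exporting by it makes the trust anchor auditable: `# gpg --recv-keys <FULL_40_HEX_FINGERPRINT>` and `# gpg --output olivier.pgp --armor --export <FULL_40_HEX_FINGERPRINT>`, with the fingerprint confirmed through a channel other than the keyserver. Because `Source1` is downloaded from the same host as `Source0`, the committed keyring is the only independent input to this check, so a one-line comment stating where the fingerprint was confirmed would help the next maintainer; `gpg --show-keys olivier.pgp` lets a reviewer compare the committed file against it.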
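Review bot: In `%prep` the added `%{gpgverify}` line sits after `%autosetup -p1`, so the tarball is unpacked and `Patch0` applied before the signature is checked; a tampered archive is still processed on the build host and the build only fails afterwards. Verification should be the first statement of `%prep`: move `%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'` above `%autosetup -p1`. The Fedora source-verification guidance asks for this ordering as well, so the move also brings the spec in line with it.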
--- /dev/null
+++ b/olivier.pgp
@@ -0,0 +1,44 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGiBD++e58RBAD7/GyewUb3WQJ6xgiwxWNzNQzVDh0N3+BmkLz4ljof87pzsYr6
+s8S4XTHgq+V7uV/1Fx9aOH9ke6mZnbhESAZUPLfLdcZF+VcsE6N8vpb/tyV7fquN
+PPQ1jbqH6uaAvmFduKNK2DtAGshtYxblYr0R/Qw8JzHpoLWbJUuHWw3D+wCggDwV
+/S1jf8WqKPqXj16dJPJ9YFcD/1atQe+84YrhJ5tON9r6moJjaQn8QDgZX2trzhkc
+cvfePSXP3sFO1Yoc5+G9mmWyIUsoqYrTq591lBON+ywo7fQ9iAWUVm8vIomM033j
+pdbDaJuZygoCgPDpHYiZdxnvKxjVlN/295uEilZA4Kv1IBD/cZDn1FHUmZx4jQZL
+jFdhA/9oW4RXFilujTAoWpFbLFikGAvS8FeQRzVXwPZkezu8QaPBfUK4V6ulMu1d
+AvHKXWDkvrCExVmFItSpFQ74O7IbEx1FKhs0azpG6ogLm/dMMjEzJZ1Efm4pvruy
+fKpqkP0u/BZeAtOWukUAlOQa0hPl9ppbaS8v7KBBN+7BXkQ8DrQoT2xpdmllciBD
+csOqdGUgPG9saXZpZXIuY3JldGVAb2NyZXRlLmNhPoiCBBMRAgBCAhsDBgsJCAcD
+AgYVCAIJCgsEFgIDAQIeAQIXgAIZARYhBNswsIb6+GznKW+txR04jlpO2aK7BQJe
+IjYzBQkf1IJhAAoJEB04jlpO2aK7ELQAn2hLb/9znZ8pB3stmvEAORlf6a1hAJ0Q
+yV9UC1utqdV3MH7Btf/1zsbyr7QZVGVzdGVyIDx0ZXN0ZXJAdGVzdGVyLmNhPoh7
+BBMRAgA7AhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAFiEE2zCwhvr4bOcpb63FHTiO
+Wk7ZorsFAl4iNjMFCR/UgmEACgkQHTiOWk7ZorscQQCfTbe+ubF8bbFpxeicJHk+
+AW6qeMwAn2briO8jtE6rxRwiwxSP+1jSL/TytCFPbGl2aWVyIENyw6p0ZSA8dGVz
+dGVyQHRlc3Rlci5jYT6IewQTEQIAOwIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgBYh
+BNswsIb6+GznKW+txR04jlpO2aK7BQJeIjYzBQkf1IJhAAoJEB04jlpO2aK7ZHkA
+n1ypYfrdWpJI91RH81EmLW5o4ZWvAJwPhqSB7IgMluxG1QsO8p00dDGDO7QsT2xp
+dmllciBDcsOqdGUgPG9saXZpZXIuY3JldGVAY29sbGFib3JhLmNvbT6IfwQTEQIA
+PwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQTbMLCG+vhs5ylvrcUdOI5a
+TtmiuwUCXiI2MwUJH9SCYQAKCRAdOI5aTtmiuyYGAJ9LAyerZjWUcmYlDAldg47q
+6JIWhACdGsPIdYRhUBnuAOCD+4n5G1HSU/u0Lk9saXZpZXIgQ3LDqnRlIDxvbGl2
+aWVyLmNyZXRlQGNvbGxhYm9yYS5jby51az6IfQQTEQIAPQIbAwYLCQgHAwIEFQII
+AwQWAgMBAh4BAheAFiEE2zCwhvr4bOcpb63FHTiOWk7ZorsFAl4iNjMFCR/UgmEA
+CgkQHTiOWk7Zors0qwCfQe81x9lb54zdyUJuPFY//pYcLAEAnj9OHwMkv6CKDINe
+dKBKrV6GxphXtC9PbGl2ZXIgQ3LDg8KqdGUgPG9saXZpZXIuY3JldGVAY29sbGFi
+b3JhLmNvLnVrPohWBDARAgAWBQJJlVilDx0gVVRGLTggbm9vYmluZwAKCRAdOI5a
+Ttmiuww9AJ973gxmQU4qe7Kn6JtvW2mLpGK4BQCcDeEY3JLglLTgpvnjIlHWxdBr
+XBi0NU9saXZpZXIgQ3LDqnRlIChHZW50b28gRGV2ZWxvcGVyKSA8dGVzdGVyQGdl
+bnRvby5vcmc+iEkEMBECAAkFAlRXguECHQAACgkQHTiOWk7ZorujswCfeUH82tom
+FJA2qigVJH6K3t8uWyYAn2Tl9aB1OYroSE+slmhb9CpKWFDJuQENBD++e6MQBADo
+K/tzUsxRK4xqRsJveNft6yzvXUmhvgiqqbIkYMP9Y0fmHC0VsYknyVEpnUNmVzJw
+fJ48DH2ryLibHwEUwG5fMb0tboHgRLsJnini9a0NUl62VWvg7rINRRznQIu+lrdH
+MYGg2U8BY0CTx+sfpl6xpXcKDjgxglwojLrImsrqPwADBQP/QJ9X4h8I6fyKbsqp
+Xp0Fhsa70JTOwpO0jp8DOQdL14ZPYR3yTx1cmjuZVwk9PkSWVHLLYOHm1CBHw5P/
+aLTrZccchz6Tpq5Vy4P53sUJO7iUNpmF1exMUW4A2+XRtcwRC+u6Bn8aenrGZXPq
+p8lqcz0FuYhLaASVGtWJAqp/AHeITwQYEQIADwIbDAUCWrZplAUJHNkhbwAKCRAd
+OI5aTtmiu3LZAJ9JueQbqA7t4N/OSttHJu1KyTs4HwCfR+16UYPqO4HitgmY7cdn
+AhB1cJM=
+=drtG
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/sources b/sources
index c84aec9..c488974 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
 SHA512 (libnice-0.1.21.tar.gz) = acbd1e0e8aacb0a65cad5b70b470a74a7c4a4f1306bc4e17cd4fd899f2fae2bb538bd099e6c0f9cba6bb9a38e95bc14087aa4f77f6aa5b70d6398179783c6e26
+SHA512 (libnice-0.1.21.tar.gz.asc) = cf996afde729869d5d2bfa271a423b3fb664c442d5b3145dfcfdc85bc1d1fba23cfc2e840ef8e413446c7c82c5cc976b6d03fc5f6bb62d564948fbe96944b1d2
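Review bot: The first armored line of the added key (`mQGiBD++e58RBAD…`) appears to decode to a version-4 DSA primary key with a 1024-bit prime, so the new verification step is only as strong as 1024-bit DSA; confirm with `gpg --show-keys olivier.pgp`. The package cannot change upstream's key, but the limitation should be written down next to `Source2`, e.g. `# NOTE: upstream signs with a 1024-bit DSA key; replace olivier.pgp when upstream rotates it`, and it is worth asking upstream for a stronger signing key. Build hosts with a stricter crypto policy may refuse such a key or its signatures, which would show up as a `%prep` failure rather than as a tampering signal, so the comment also helps whoever has to triage that failure.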