verify upstream source signature
Per the packaging guidelines¹. Update URL to use https as well. While adjusting the git ignore rules for the signature file, also remove many older tarball entries and an incorrect entry for the spec file. Replace them with simple globs. Ignore expanded source directories as well. ¹ https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures
This commit is contained in:
Todd Zullinger
parent
b2efabc236
commit
465e10101d
38
.gitignore
vendored
38
.gitignore
vendored
@ -1,36 +1,2 @@
|
||||
/libtpms-0.5.1.tgz
|
||||
/libtpms-0.5.1.tar.gz
|
||||
/libtpms-0.5.2.tar.gz
|
||||
/libtpms-20180914.tar.xz
|
||||
/libtpms.spec
|
||||
/make-git-snapshot.sh
|
||||
/libtpms-20180917.tar.xz
|
||||
/libtpms-20180918.tar.xz
|
||||
/libtpms-20181031.tar.xz
|
||||
/libtpms-20181211.tar.xz
|
||||
/libtpms-20190121.tar.xz
|
||||
/libtpms-20190510.tar.xz
|
||||
/libtpms-20190719.tar.xz
|
||||
/libtpms-20191008.tar.xz
|
||||
/libtpms-20191018.tar.xz
|
||||
/libtpms-20200520.tar.xz
|
||||
/libtpms-20200527.tar.xz
|
||||
/libtpms-20200731.tar.xz
|
||||
/libtpms-20201031.tar.xz
|
||||
/libtpms-20210218.tar.xz
|
||||
/libtpms-20210225.tar.xz
|
||||
/libtpms-20210227.tar.xz
|
||||
/libtpms-20210301.tar.xz
|
||||
/libtpms-20210601.tar.xz
|
||||
/libtpms-20210624.tar.xz
|
||||
/libtpms-20210901.tar.xz
|
||||
/libtpms-20210910.tar.xz
|
||||
/libtpms-20210916.tar.xz
|
||||
/libtpms-20211004.tar.xz
|
||||
/libtpms-20211126.tar.xz
|
||||
/libtpms-20220106.tar.xz
|
||||
/libtpms-20220307.tar.xz
|
||||
/libtpms-20220425.tar.xz
|
||||
/libtpms-0.9.4.tar.gz
|
||||
/libtpms-0.9.5.tar.gz
|
||||
/libtpms-0.9.6.tar.gz
|
||||
/libtpms-*/
|
||||
/libtpms-*.tar.gz*
|
||||
|
||||
18
gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
Normal file
18
gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
Normal file
@ -0,0 +1,18 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQENBFnVA4YBCAD3fs+WUzvB6OPoj0HhvBlemEV6I8AcDwZHCNvA4UMc03sSVl/Q
|
||||
tDr4WuZd1v9utvi0xHjsTHbF1ndsgNkNzisvTIBHptcxw+Z3+VskOl3GTsfiKG22
|
||||
OfZJsdXfhjYW/Oezl2IVy6/QqOV0JeEtV3J10gCHR/5PKhOy+pP/8jlw3EA8GYtY
|
||||
ojM4znfEXHh6vx//hbf8FVMlVcKwUKHB1zHhM5jF9Kx4ZLU8rYHkMiXXbzdWBkCa
|
||||
L6E2P2T01hQ1wPpowU9aL/zLt7ISiKMcYLvZJYcgX3quPVSXJRG+y3q3lXv1IOrV
|
||||
HoGJLdkNu/0bLJoeNBFXiEGs7+tfk4XAjBTTABEBAAG0KlN0ZWZhbiBCZXJnZXIg
|
||||
PHN0ZWZhbmJAbGludXgudm5ldC5pYm0uY29tPokBPgQTAQIAKAUCWdUDhgIbAwUJ
|
||||
EswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQda1lgCoLQhENQQf/XmyD
|
||||
zWL5VSAKbDKcpI5t0PjiC/Brrs1xNtKLht5le4UdhAH6e/y+3H6lhoJCNbHGBE7r
|
||||
cAM/LVv8MT+4WXhLvRDUkn6Z5cSiMx0ANWDABCHGI3+z2imqI5XjB5fwFq2FIRdu
|
||||
MUhWRhxSYHDd4E0BN2FvHNUhqm60QlLCrH9zjar8XcJQ1lnDgcSDP9EWENZizYW9
|
||||
W5DKFiWR4vMXU0lvDpAYyDR1EU4pfnoMDc/19MoI3oR+wP0ELXI52CG0w4Lcs+Y5
|
||||
8ywb0/El789qRTNQG6bPcZYx6KrRNq8KSrtNY20ID2tyM4boRQ412mD87x/kNWqU
|
||||
CHklMi79wKcJ7OA73g==
|
||||
=l1ZJ
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
12
libtpms.spec
12
libtpms.spec
@ -1,17 +1,21 @@
|
||||
Name: libtpms
|
||||
Version: 0.9.6
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Library providing Trusted Platform Module (TPM) functionality
|
||||
License: BSD
|
||||
|
||||
URL: http://github.com/stefanberger/libtpms
|
||||
URL: https://github.com/stefanberger/libtpms
|
||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Source1: %{url}/releases/download/v%{version}/v%{version}.tar.gz.asc#/%{name}-%{version}.tar.gz.asc
|
||||
# https://github.com/stefanberger.gpg
|
||||
Source2: gpgkey-B818B9CADF9089C2D5CEC66B75AD65802A0B4211.asc
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: gawk
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: gnupg2
|
||||
BuildRequires: libtool
|
||||
BuildRequires: make
|
||||
BuildRequires: openssl-devel
|
||||
@ -30,6 +34,7 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
Libtpms header files and documentation.
|
||||
|
||||
%prep
|
||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||
%autosetup
|
||||
|
||||
%build
|
||||
@ -58,6 +63,9 @@ make check
|
||||
%{_mandir}/man3/TPM*
|
||||
|
||||
%changelog
|
||||
* Sat Mar 18 2023 Todd Zullinger <tmz@pobox.com> - 0.9.6-2
|
||||
- verify upstream source signature
|
||||
|
||||
* Tue Feb 28 2023 Stefan Berger <stefanb@linux.ibm.com> - 0.9.6-1
|
||||
- Build of libtpms 0.9.6 with fixes for CVE-2023-1017 & CVE-2023-1018
|
||||
|
||||
|
||||
1
sources
1
sources
@ -1 +1,2 @@
|
||||
SHA512 (libtpms-0.9.6.tar.gz) = 35f26e4849eb98cd73461aff439c19f77bbbcde9b7661402e3d419354c4dcddd057349c4f7178573f1ceea2e95326498eb9afea3bd48064bbff534fc7f6939c3
|
||||
SHA512 (libtpms-0.9.6.tar.gz.asc) = 595d4e4a227357cb9154e024d92701aed170c5730a0b999622415ce509d0473366fbc2c4242f3c81b5e0233b74a7e79c1731f95d425944e6cc4498001b149531
|
||||
|
||||
Loading…
Reference in New Issue
Block a user