From 0968bb5c9bb0e8a6735075f986c7c16a9485a570 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 5 Dec 2019 18:06:48 +0000 Subject: [PATCH] Enable GPG-based source file verification --- .gitignore | 1 + hans-gpg-key.asc | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ lld.spec | 13 ++++++++++-- sources | 1 + 4 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 hans-gpg-key.asc diff --git a/.gitignore b/.gitignore index a0ac3c3..ffbabbd 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ /lld-9.0.0rc2.src.tar.xz /lld-9.0.0rc3.src.tar.xz /lld-9.0.0.src.tar.xz +/lld-9.0.0.src.tar.xz.sig diff --git a/hans-gpg-key.asc b/hans-gpg-key.asc new file mode 100644 index 0000000..4b3cdde --- /dev/null +++ b/hans-gpg-key.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFS+1SABEACnmkESkY7eZq0GhDjbkWpKmURGk9+ycsfAhA44NqUvf4tk1GPM +5SkJ/fYedYZJaDVhIp98fHgucD0O+vjOzghtgwtITusYjiPHPFBd/MN+MQqSEAP+ +LUa/kjHLjgyXxKhFUIDGVaDWL5tKOA7/AQKl1TyJ8lz89NHQoUHFsF/hu10+qhJe +V65d32MXFehIUSvegh8DrPuExrliSiORO4HOhuc6151dWA4YBWVg4rX5kfKrGMMT +pTWnSSZtgoRhkKW2Ey8cmZUqPuUJIfWyeNVu1e4SFtAivLvu/Ymz2WBJcNA1ZlTr +RCOR5SIRgZ453pQnI/Bzna2nnJ/TV1gGJIGRahj/ini0cs2x1CILfS/YJQ3rWGGo +OxwG0BVmPk0cmLVtyTq8gUPwxcPUd6WcBKhot3TDMlrffZACnQwQjlVjk5S1dEEz +atUfpEuNitU9WOM4jr/gjv36ZNCOWm95YwLhsuci/NddBN8HXhyvs+zYTVZEXa2W +l/FqOdQsQqZBcJjjWckGKhESdd7934+cesGD3O8KaeSGxww7slJrS0+6QJ8oBoAB +P/WCn/y2AiY2syEKp3wYIGJyAbsm542zMZ4nc7pYfSu49mcyhQQICmqN5QvOyYUx +OSqwbAOUNtlOyeRLZNIKoXtTqWDEu5aEiDROTw6Rkq+dIcxPNgOLdeQ3HwARAQAB +tCFIYW5zIFdlbm5ib3JnIDxoYW5zQGNocm9taXVtLm9yZz6JAlUEEwECAD8CGwMG +CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEEtsj5goK5ROOw1cJTD8MELjRa0F0F +Alpd+i0FCQ8FJo0ACgkQD8MELjRa0F3X3A//dBQLm6GmXlQFjxZbukTw0lZsevFR +M/6ljZTxp7bsC+HFzYoaCKv6rikaWzytxk//SOaLKrB4Z9HjAlpBMtyLl2Hk7tcZ +bPpFafNmQ+4KgWNjLXCvt9se8BGrQvGQUrbE6YowbXa2YIgxIVEncFzIECAsp/+N +xbMcZN5/X1PJxKi/N22gP4nn47muN6L3pKez3CXgWnhGYSc7BuD5ALWYH7yMYUem +d4jlXfu5xkBIqirj1arIYC9wmF4ldbLNDPuracc8LmXcSqa5Rpao0s4iVzAD+tkX +vE/73m3rhepwBXxrfk0McXuI9aucf5h4/KkIBzZsaJ6JM1tzlrJzzjaBKJF9OI5T +jA0qTxdGzdPztS8gPaPcMkRFfh9ti0ZDx4VeF3s8sOtmMRHeGEWfxqUAbBUbwFsa +JDu/+8/VO4KijfcuUi8tqJ/JHeosCuGE7TM93LwJu6ZcqMYOPDROE/hsnGm0ZU92 +xedu+07/X1ESHkSFPoaSHD5/DCNa/tXIyJZ8X7gF3eoDP5mSmrJqIqsOBR9WOVYv +dI8i0GHTXbrZj8WXdoS+N8wlyMLLbAS2jvTe7M5RoqbLz4ABOUUnLVoEE0CiccVZ +bW75BPxOfaD0szbinAeX6HDPI7St0MbKrRPjuDXjD0JVkLqFINtZfYLGMLss4tgn +suefr0Bo9ISwG3u5Ag0EVL7VIAEQAOxBxrQesChjrCqKjY5PnSsSYpeb4froucrC +898AFw2DgN/Zz+W7wtSTbtz/GRcCurjzZvN7o2rCuNk0j0+s1sgZZm2BdldlabLy ++UF/kSW1rb5qhfXcGGubu48OMdtSfok9lOc0Q1L4HNlGE4lUBkZzmI7Ykqfl+Bwr +m9rpi54g4ua9PIiiHIAmMoZIcbtOG1KaDr6CoXRk/3g2ZiGUwhq3jFGroiBsKEap +2FJ1bh5NJk2Eg8pV7fMOF7hUQKBZrNOtIPu8hA5WEgku3U3VYjRSI3SDi6QXnDL+ +xHxajiWpKtF3JjZh8y/CCTD8PyP34YjfZuFmkdske5cdx6H0V2UCiH453ncgFVdQ +DXkY4n+0MTzhy2xu0IVVnBxYDYNhi+3MjTHJd9C4xMi9t+5IuEvDAPhgfZjDpQak +EPz6hVmgj0mlKIgRilBRK9/kOxky9utBpGk3jEJGru/hKNloFNspoYtY6zATAr8E +cOgoCFQE0nIktcg3wF9+OCEnV28/a7XZwUZ7Gl/qfOHtdr374wo8kd8R3V8d2G9q +5w0/uCV9NNQ0fGWZDPDoYt6wnPL6gZv/nJM8oZY+u0rC24WwScZIniaryC4JHDas +Ahr2S2CtgCvBgslK6f3gD16KHxPZMBpX73TzOYIhMEP/vXgVJbUD6dYht+U9c4Oh +EDJown0dABEBAAGJAjwEGAECACYCGwwWIQS2yPmCgrlE47DVwlMPwwQuNFrQXQUC +Wl36SwUJDwUmqwAKCRAPwwQuNFrQXT1/D/9YpRDNgaJl3YVDtVZoeQwh7BQ6ULZT +eXFPogYkF2j3VWg8s9UmAs4sg/4a+9KLSantXjX+JFsRv0lQe5Gr/Vl8VQ4LKEXB +fiGmSivjIZ7eopdd3YP2w6G5T3SA4d2CQfsg4rnJPnXIjzKNiSOi368ybnt9fL0Y +2r2aqLTmP6Y7issDUO+J1TW1XHm349JPR0Hl4cTuNnWm4JuX2m2CJEc5XBlDAha9 +pUVs+J5C2D0UFFkyeOzeJPwy6x5ApWHm84n8AjhQSpu1qRKxKXdwei6tkQWWMHui ++TgSY/zCkmD9/oY15Ei5avJ4WgIbTLJUoZMi70riPmU8ThjpzA7S+Nk0g7rMPq+X +l1whjKU/u0udlsrIJjzkh6ftqKUmIkbxYTpjhnEujNrEr5m2S6Z6x3y9E5QagBMR +dxRhfk+HbyACcP/p9rXOzl4M291DoKeAAH70GHniGxyNs9rAoMr/hD5XW/Wrz3dc +KMc2s555E6MZILE2ZiolcRn+bYOMPZtWlbx98t8uqMf49gY4FGQBZAwPglMrx7mr +m7HTIiXahThQGOJg6izJDAD5RwSEGlAcL28T8KAuM6CLLkhlBfQwiKsUBNnh9r8w +V3lB+pV0GhL+3i077gTYfZBRwLzjFdhm9xUKEaZ6rN1BX9lzix4eSNK5nln0jUq1 +67H2IH//2sf8dw== +=ADVe +-----END PGP PUBLIC KEY BLOCK----- diff --git a/lld.spec b/lld.spec index 7a1a7e0..c4bc657 100644 --- a/lld.spec +++ b/lld.spec @@ -1,5 +1,5 @@ #%%global rc_ver 3 -%global baserelease 3 +%global baserelease 4 %global lld_srcdir lld-%{version}%{?rc_ver:rc%{rc_ver}}.src %global maj_ver 9 @@ -14,9 +14,11 @@ Summary: The LLVM Linker License: NCSA URL: http://llvm.org -Source0: http://%{?rc_ver:pre}releases.llvm.org/%{version}/%{?rc_ver:rc%{rc_ver}}/%{lld_srcdir}.tar.xz +Source0: https://%{?rc_ver:pre}releases.llvm.org/%{version}/%{?rc_ver:rc%{rc_ver}}/%{lld_srcdir}.tar.xz Source1: run-lit-tests Source2: lit.lld-test.cfg.py +Source3: https://%{?rc_ver:pre}releases.llvm.org/%{version}/%{?rc_ver:rc%{rc_ver}}/%{lld_srcdir}.tar.xz.sig +Source4: https://releases.llvm.org/9.0.0/hans-gpg-key.asc Patch0: 0001-CMake-Check-for-gtest-headers-even-if-lit.py-is-not-.patch @@ -34,6 +36,9 @@ BuildRequires: python3-rpm-macros BuildRequires: python3-lit BuildRequires: llvm-googletest = %{version} +# For gpg source verification +BuildRequires: gnupg2 + Requires(post): %{_sbindir}/alternatives Requires(preun): %{_sbindir}/alternatives @@ -66,6 +71,7 @@ Requires: llvm-test(major) = %{maj_ver} LLVM regression tests. %prep +%{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE3}' --data='%{SOURCE0}' %autosetup -n %{name}-%{version}%{?rc_ver:rc%{rc_ver}}.src -p1 %build @@ -174,6 +180,9 @@ make -C %{_target_platform} %{?_smp_mflags} check-lld %{_datadir}/lld/lit.lld-test.cfg.py %changelog +* Thu Dec 05 2019 Tom Stellard - 9.0.0-4 +- Enable GPG-based source file verification + * Thu Dec 05 2019 Tom Stellard - 9.0.0-3 - Add lld-test package diff --git a/sources b/sources index d75480d..84293d0 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (lld-9.0.0.src.tar.xz) = bc4812232840ef5edbd8edf1d1a329e85a4bfd3a7859fe322e11dd053435e722c6f1140a718fd2b3524ee9783a357178d2ba30d12519847bd3acc294698007f3 +SHA512 (lld-9.0.0.src.tar.xz.sig) = f16a510d7ba2d86b4abdc3cc073f37ef96f66eae3306cb9b66e38ed5d18bc767300d8b6a7332e22a3efbd3b381a20f84fcc3398b7041cd55481938fd79fffc7b