Verify GPG signature of upstream tarball when building the package
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures > Any detached signature file (e.g. foo.tar.gz.asc or foo.tar.gz.sig) must be > uploaded to the package lookaside cache alongside the source code, while > the keyring must be committed directly to the package SCM.
This commit is contained in:
Miro Hrončok
Kamil Dudka
parent
8b50102fb5
commit
801f8124ba
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
/logrotate-[0-9.]*.tar.xz
|
||||
/logrotate-[0-9.]*.tar.xz.asc
|
||||
|
||||
52
kdudka.pgp
Normal file
52
kdudka.pgp
Normal file
@ -0,0 +1,52 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBFgjU54BEACwGTSIP9AVBahlfv/y4snLRvlU4UWWqn8bxjh/GFTVs+l8gqOD
|
||||
3dT9AhbnMWfvr94nA6dXVVx8t8akn3ybVLKeii3vOSel8ayAnIXYjtowPh/TlheO
|
||||
BSo4EcVo0IFLtiUhC0XHMngITkr6mGphzKOAjS5Kur1j09tawhWMtgeDWw9dZnvc
|
||||
mH7f03mwvFv49YYqztaKcGvWlrLjj1O18Un5euGx18L+udG3RfeWMpzinwvcv2n7
|
||||
sH45FVqH6wu/okOJkXShsD883NRlz652knvzuUZNqcc+l/uNm8FVB8hH7qvKJu7P
|
||||
v1HpNSYlLqRpAREepYxdb/KJEJ5X3EoczLHM1zugB6cRi9REQ5rt1dqS8VOn5Svw
|
||||
v4OZZUjZf/LvAB3KOl5RI40pa8zAI/ymxTZ6qZzFOp7u8XEy3GzURrYBMKJIW03Z
|
||||
E61RI+7SJKr4yeboWSfYJbV6RQJyu8X77H9L0F6O+LHoLSoHIRmkcniwEMwl5THV
|
||||
tUl9Daxgey+qNq1twLLV6vx8f8eyuPCdeP6ZhhUhOH4sAyh0oGZMHxiNhAFeyRdo
|
||||
JqTXfgqLX39jwH54eJ3Cbhndwu47glipMO1HQX1XS5Rt7LfEMCTLUGSFW1xljLOI
|
||||
8d9fExEyTzJMVIsQJoaAvPEX4cfhcAUFQLijPkt29Wvv3WsAIVFEgoLMNwARAQAB
|
||||
tB9LYW1pbCBEdWRrYSA8a2R1ZGthQHJlZGhhdC5jb20+iQJUBBMBCAA+AhsDBQsJ
|
||||
CAcCBhUICQoLAgQWAgMBAh4BAheAFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAl+1
|
||||
eU8FCQ8W87EACgkQhz2zdXKjezaYpw//UwiegIs8Xe79CERudpz7AM0BbRE6VaAU
|
||||
QP1dMsTzIUU3HqpRrRfuCLIcbbUb7lCzAmu0SShvrt1ZUY87RXZQDJFsbHneHIKb
|
||||
wIxIr6bRtwv1+I9A6bIWYDPdjgost4v2O2GdvDegdC6aDFJa6p7uYF3YqR1GvlCN
|
||||
RC0DPvoZLIaHO7q+9o9WN6pe1OBmHdkzfJue9FmJxUhXGhaFGNQ/E9ahZRWv7D4e
|
||||
3fxH8B2lqgmLGAYsbMjgiOJFxcbIWMzltIj0hJ1x3ajUdY1B6rLf6QcgXnKJIXVR
|
||||
Svp0s283PfhnCzoXvKFvBuUaXQfNsW3MnIJFJEWDuy1TzMdK44AmQp8iQTGVIajd
|
||||
2Wdmxxd54dl3GjuHPXXJZ92DG5H52cC+4TZuM4yH9gvOxwtdIafOSkvtTHYh4POF
|
||||
piqiM67UG2a8JkW7CKPGFqfrdkM+yOfU31ouHL68q3XIpkB4z1f2w6mscdW2d7AQ
|
||||
3VLpb+WCeoWRy6HrRYAJZjs78Rea8N9dSzUOI2ac2OUR9Mqp6TMXed6V+6b1ogbI
|
||||
4I0Ni8562kPFxnjiTUhrcXNroBvQUktkEXjuk5ZOG/fJaL0lN39Cq9ImznCEGuvn
|
||||
mb+sZ//kH7N5w8tTc3mK4NvQw8LkDyS5LItx1H2Gzybxsl5d0OajJpUY4PZeppjH
|
||||
rxXke/QpXHq5Ag0EWCNTngEQALkRI0PUaVE9j19uyjINlxb/3nwKHmbTChQzPJFn
|
||||
adUwbmXfChmK/vyE8XBaIFIWSJ/94W9Y1/aGPlK4my7GqkiS4q6Lf32YWBNqihvH
|
||||
mxKuIYv2+6Z8E34yRFwmbA20RpZCy7AGIg0/LACfM4Bw+DVUhTRMl2O/muKrxd/O
|
||||
/WLn30RoYG+D4+mE0xJu+XsHivx2DqvdkKO+Rzo8131ByiWOk6P37McFtYiPjEjh
|
||||
ztTBcnNjd+a3xB/XDHd1Lcs7GmBqw0X10KnxC8xSzSqGSRFYF1aJYdxhayxXGJz/
|
||||
p1Dd6mt2eT46rYUGhFWlFH7FXGsWapR8ELY42clcFgGmQ7Yps+dZ6Kx8HnEYKsIY
|
||||
ONBqjS/dTKSrOMvkCSY0CwiCjKPM5uan5lQ9GMwbEZOQ5dcEVJOiVSfneeYpEjD/
|
||||
oyapPrDefdsCD5Gvt2kSbDZSDR5GeO8epZ02hu/zMQxDayqdLTxAaDByDVTvRCnc
|
||||
BLDcpvzXVAUdjIkfzDqZlLRgZu/8oNjOpWypUEE0mQfus6fDOLrt1h/0SqcJar70
|
||||
mi0QzBlOLrksJerXygDYJus80trCJPbr5DkCy2nQdfaeUissbt4kJTBirhhMtuyZ
|
||||
bBOQ42qm5pGef74hye1dCUddlBcb/BmIecsQ5a7EegKBDoU6ZsLcs5xnPgNwJa5U
|
||||
5VstABEBAAGJAjwEGAEIACYCGwwWIQSZKpbgdQVuec2CFPmHPbN1cqN7NgUCX7V5
|
||||
agUJDxbzzAAKCRCHPbN1cqN7NiVdEACGZX+sMSfpW47ARmsg9EsWh983SafWEi4V
|
||||
Gp3bRgOM3X4hwp8iFS/jpD8iNQpiRztSAx6s0l2pirAKFiKaaHrarVrYM4lrSoau
|
||||
J1LeWeAy9jHRstk21Iu/myM8gfBdl9tOlrdv5NhD98tCdE/2hTtOLlZbYboNl+ug
|
||||
0g/3yM4KPgqXLvVpS3QBoiueTfFoSawb20lZCcDon43BGg+wS/2j7Vu9Q1Dj3fEz
|
||||
+QV4S7JvMFP6MYV2ITvj3xajXpRkuNG8s76o/u8m2PYQ77sAl+mN446Lp+bwdQeE
|
||||
s7j79i/2kk+djVDtgTGyRyDD/4drXOMtVKRpxDDp1YOl896cRP4PJWNK8oLlF8IY
|
||||
ItdhN/UijK6hZoXLyQDK/DQfmTjpGEQTzFCNW8CdwvTSjK7o6lJZtrv4R4rBJ3Sd
|
||||
kcr9rQO/uGlYblzX70iXQMKpiCb1xo3MBCUFfiq05sTNVzRNVleo9nVf0WhCgnl7
|
||||
M9Tojh31sra9IzDAy9exga8dD/tvnebYjXYmGXfQyrPAnSSTLSjAQmlNzgx8FM96
|
||||
WB+XJDJFALy/MV35XKi9c5SLE3hSPEhqrwnTQ5g3jOPrexhUZR6w0qDXVoQH/3p0
|
||||
vXqQ3yx3yrREeBOW6qhHeYk3w2z7EAg4nNovAHgd68zXE9ZfCAGfWIerZsOuhdHS
|
||||
lwvfpMesuQ==
|
||||
=XhUt
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmHYAiwACgkQhz2zdXKj
|
||||
ezYGlA//cGjoPxXWWGpdY6RxUBf9LLVVdTObkcx5P/4IUalR1md49ysk3Cw8XrGG
|
||||
SbhFgTmrW4l+0ZRLaGXsSqEqKrMyUhGxQfRAOZIoOg3f84pPTG5evPcc3Xlp0o/C
|
||||
ki/SQdjregUdrizsASis9lqp5o94RtH5p5NcUjj2/C0vaH08WzVtasSXp7L+02an
|
||||
ewCytUYQJT32Nzukg1v1mY/+9il2yA1cXqU6IEkJR4opXvZ4kq6PMe0+AuQs0MkD
|
||||
3/qkWiP98RUmrWfx6lDUSSTOts3xmpuxzKwnRsaJk8rSAm4VSTDbfotPpjEQM0it
|
||||
+XtOzCiMdRLZ5hUzIerPdTs4SY696Usy6c58cwH6ocYuC3KQjZB8zhKJ4vbLH3bm
|
||||
c+AJM8KZ4ey5Dnexx4QXhS16dJDjS2682qBHOPCnXnR9b4S2N5HWQHj9M8pDiaAa
|
||||
ftafvq/13k4yziXn+pkUyKA6Ytx9VfVBpsMLfVAeJ93Q5K4pDbXc6UX0YXMxy660
|
||||
Ca1yG4sXhK0O9m8qPLUzBhcvzn8evAt08IXB/eDCEcwpOlH3xvxZt5aFikBM6der
|
||||
Am5w38WjecbNOEirKzBi6ksMPv/K1+6dTqMIIDkLIQchACV8kIIDjI3ptr50PhBn
|
||||
QS06qD7Oiy+BJQ/fSGhJtlaVbbk1+w0EzuWXXqE8E8V5B5Um1Xw=
|
||||
=pq5V
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,16 +1,23 @@
|
||||
Summary: Rotates, compresses, removes and mails system log files
|
||||
Name: logrotate
|
||||
Version: 3.19.0
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
License: GPLv2+
|
||||
URL: https://github.com/logrotate/logrotate
|
||||
Source0: https://github.com/logrotate/logrotate/releases/download/%{version}/logrotate-%{version}.tar.xz
|
||||
Source1: rwtab
|
||||
Source1: https://github.com/logrotate/logrotate/releases/download/%{version}/logrotate-%{version}.tar.xz.asc
|
||||
|
||||
# gpg --keyserver pgp.mit.edu --recv-key 992A96E075056E79CD8214F9873DB37572A37B36
|
||||
# gpg --output kdudka.pgp --armor --export kdudka@redhat.com
|
||||
Source2: kdudka.pgp
|
||||
|
||||
Source3: rwtab
|
||||
|
||||
BuildRequires: acl
|
||||
BuildRequires: automake
|
||||
BuildRequires: gcc
|
||||
BuildRequires: git
|
||||
BuildRequires: gnupg2
|
||||
BuildRequires: libacl-devel
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: make
|
||||
@ -31,6 +38,7 @@ Install the logrotate package if you need a utility to deal with the
|
||||
log files on your system.
|
||||
|
||||
%prep
|
||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||
%autosetup -S git
|
||||
|
||||
cat >> .gitignore << EOF
|
||||
@ -67,7 +75,7 @@ install -p -m 644 examples/logrotate.{service,timer} $RPM_BUILD_ROOT%{_unitdir}/
|
||||
|
||||
# Make sure logrotate is able to run on read-only root
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d
|
||||
install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/logrotate
|
||||
install -m644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/logrotate
|
||||
|
||||
%pre
|
||||
# If /var/lib/logrotate/logrotate.status does not exist, create it and copy
|
||||
@ -107,6 +115,9 @@ fi
|
||||
%config(noreplace) %{_sysconfdir}/rwtab.d/logrotate
|
||||
|
||||
%changelog
|
||||
* Tue Mar 15 2022 Kamil Dudka <kdudka@redhat.com> 3.19.0-3
|
||||
- verify GPG signature of upstream tarball when building the package
|
||||
|
||||
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.19.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
|
||||
1
sources
1
sources
@ -1 +1,2 @@
|
||||
SHA512 (logrotate-3.19.0.tar.xz) = 7838e14a5b147f6e5edf6efdf743deeca39fdb563fc6f14aa010ac5b7bdef9c2bb8005415481d1b042b31975052d5ed6e75c4bcd7e378003427ebe5ec02a1f2c
|
||||
SHA512 (logrotate-3.19.0.tar.xz.asc) = 94cc6f255170e78690ac2a034abae2a593053278a4acd77b44a7ae8b9fcb76d428881ee6f45f28ebb0c2290a83615fc1a143d0d896dce385a37376d460732ed7
|
||||
|
||||
Loading…
Reference in New Issue
Block a user