From c54a7f0b3de55a97bdd182a84a40f3fef9b5341a Mon Sep 17 00:00:00 2001
From: Pavel Zhukov <pavel@zhukoff.net>
Date: Thu, 29 Oct 2020 08:27:48 +0100
Subject: [PATCH] Add sources verification (#1888510)

---
 .gitignore | 2 ++
 nmap.spec  | 9 ++++++++-
 sources    | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 449f023..70f00df 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 /nmap-*.tar.bz2
+/nmap-7.91.tar.bz2.asc
+/nmap_gpgkeys.txt
diff --git a/nmap.spec b/nmap.spec
index b5b91a9..d0908c5 100644
--- a/nmap.spec
+++ b/nmap.spec
@@ -7,7 +7,7 @@ Name: nmap
 Epoch: 2
 Version: 7.91
 #global prerelease TEST5
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Network exploration tool and security scanner
 URL: http://nmap.org/
 # Uses combination of licenses based on GPL license, but with extra modification
@@ -15,6 +15,8 @@ URL: http://nmap.org/
 License: Nmap
 
 Source0: http://nmap.org/dist/%{name}-%{version}%{?prerelease}.tar.bz2
+Source1: https://nmap.org/dist/sigs/%{name}-%{version}.tar.bz2.asc
+Source2: https://svn.nmap.org/nmap/docs/nmap_gpgkeys.txt
 
 #prevent possible race condition for shtool, rhbz#158996
 Patch1: nmap-4.03-mktemp.patch
@@ -42,6 +44,7 @@ BuildRequires: lua-devel
 BuildRequires: openssl-devel
 BuildRequires: pcre-devel
 BuildRequires: zlib-devel
+BuildRequires: gnupg2
 Requires: %{name}-ncat = %{epoch}:%{version}-%{release}
 
 Obsoletes: nmap-frontend
@@ -78,6 +81,7 @@ uses.
 
 
 %prep
+%{gpgverify} --keyring=%{SOURCE2} --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -p1
 
 #be sure we're not using tarballed copies of some libraries
@@ -136,6 +140,9 @@ ln -s ncat %{buildroot}%{_bindir}/nc
 %{_mandir}/man1/ncat.1.gz
 
 %changelog
+* Thu Oct 29 2020 Pavel Zhukov <pzhukov@redhat.com> - 2:7.91-3
+- Add source verification
+
 * Thu Oct 22 2020 Sergio Correia <scorreia@redhat.com>  2:7.91-2
 - Backport fix for UNIX domain socket crash
   Upstream: https://github.com/nmap/nmap/commit/f6b40614e4a8131394792d590965f8af3c635323
diff --git a/sources b/sources
index aaf82d9..3243527 100644
--- a/sources
+++ b/sources
@@ -1 +1,3 @@
 SHA512 (nmap-7.91.tar.bz2) = 9d59f031b5f748311e9f9a0b9d05ad4a7a70fc6ac17598d7c4c81a4825c95d53817d74435d839e67b9379a052f2d37889fd634f9c75301a851f465d60fb9974d
+SHA512 (nmap-7.91.tar.bz2.asc) = 376b74fc15896a1008709dac45b5af5d35ca00a1753994aba3ee6cffe2c2f0d67619fab45d57e83b454cfb376defe965f2bf881ef4cb8d5f8f2215979ad8ee96
+SHA512 (nmap_gpgkeys.txt) = ab9dddbedb7c74697ae1ec68e456e3d607c057b4ca9a3bf0269a9fde0289e81031ec15718da2686aa7a68b5428e95042072c53f93925439ba6b60abf43e61317