rpms/npth
6
0
Fork 0
Code Issues Pull Requests Releases Activity

reenable signature verification

Browse Source 
It was supposedly disabled in 2014 (but never implemented anyways). We
should check the signature (per guidelines), and we can, so let's do it.

The keyring is generated from gnupg.org's legacy public key block (our
tool deals with keyrings only), filtered for the relevant key of Werner
Koch only. It is expired as of today but was not at release time of the
packaged sources. Expect the keyring to change for the next release!
This commit is contained in:
Michael J Gruber 2022-08-31 13:54:36 +02:00
parent 0324f9b918
commit 7f604f45f6
4 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -5,3 +5,4 @@
/npth-1.3.tar.bz2 /npth-1.3.tar.bz2
/npth-1.5.tar.bz2 /npth-1.5.tar.bz2
/npth-1.6.tar.bz2 /npth-1.6.tar.bz2
/npth-1.6.tar.bz2.sig

BIN
gpgkey-D8692123C4065DEA5E0F3AB5249B39D24F25E3B6.gpg Normal file
View File

Binary file not shown.

17
npth.spec
View File

@ -1,16 +1,19 @@
Name: npth Name: npth
Version: 1.6 Version: 1.6
Release: 9%{?dist} Release: 10%{?dist}
Summary: The New GNU Portable Threads library Summary: The New GNU Portable Threads library
License: LGPLv2+ License: LGPLv2+
URL: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=npth.git URL: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=npth.git
Source: https://gnupg.org/ftp/gcrypt/npth/%{name}-%{version}.tar.bz2 Source0: https://gnupg.org/ftp/gcrypt/npth/%{name}-%{version}.tar.bz2
#Source1: ftp://ftp.gnupg.org/gcrypt/npth/npth-%{version}.tar.bz2.sig Source1: https://gnupg.org/ftp/gcrypt/npth/%{name}-%{version}.tar.bz2.sig
# Keyring generated from https://gnupg.org/devel/old-signature-keys.asc
Source2: gpgkey-D8692123C4065DEA5E0F3AB5249B39D24F25E3B6.gpg
# Manual page is re-used and changed pth-config.1 from pth-devel package # Manual page is re-used and changed pth-config.1 from pth-devel package
Source2: npth-config.1 Source3: npth-config.1
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
BuildRequires: gnupg2
%description %description
nPth is a non-preemptive threads implementation using an API very similar nPth is a non-preemptive threads implementation using an API very similar
@ -28,6 +31,7 @@ This package contains libraries and header files for
developing applications that use %{name}. developing applications that use %{name}.
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup %autosetup
%build %build
@ -36,7 +40,7 @@ developing applications that use %{name}.
%install %install
%make_install %make_install
install -Dpm0644 -t %{buildroot}%{_mandir}/man1 %{S:2} install -Dpm0644 -t %{buildroot}%{_mandir}/man1 %{S:3}
find %{buildroot} -name '*.la' -delete -print find %{buildroot} -name '*.la' -delete -print
%check %check
@ -57,6 +61,9 @@ make check
%{_datadir}/aclocal/%{name}.m4 %{_datadir}/aclocal/%{name}.m4
%changelog %changelog
* Wed Aug 31 2022 Michael J Gruber <mjg@fedoraproject.org> - 1.6-10
- reenable signature verification
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-9 * Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

1
sources
View File

@ -1 +1,2 @@
SHA512 (npth-1.6.tar.bz2) = 2ed1012e14a9d10665420b9a23628be7e206fd9348111ec751349b93557ee69f1176bcf7e6b195b35b1c44a5e0e81ee33b713f03d79a33d1ecd9037035afeda2 SHA512 (npth-1.6.tar.bz2) = 2ed1012e14a9d10665420b9a23628be7e206fd9348111ec751349b93557ee69f1176bcf7e6b195b35b1c44a5e0e81ee33b713f03d79a33d1ecd9037035afeda2
SHA512 (npth-1.6.tar.bz2.sig) = 9f466a94b686ec07b5acac7844a1a116059998c8dc00ca6761557706e7529a9b62322d23ce0c25d3379f67168ca62c3b720d6090eb1174b5352a018ea1b900c2