From 18a3ed28c7c1b57c1427adbf090eedfd023381a4 Mon Sep 17 00:00:00 2001
From: Felix Schwarz <felix.schwarz@oss.schwarz.eu>
Date: Tue, 12 May 2020 10:39:43 +0200
Subject: [PATCH] add source file verification

---
 .gitignore                                       |   1 +
 ...1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg | Bin 0 -> 1188 bytes
 python-cryptography.spec                         |  15 +++++++++++++--
 sources                                          |   1 +
 4 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg

diff --git a/.gitignore b/.gitignore
index a2635bb..266fb17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@
 /cryptography-2.7.tar.gz
 /cryptography-2.8.tar.gz
 /cryptography-2.9.tar.gz
+/cryptography-2.9.tar.gz.asc
diff --git a/gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg b/gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..dcae2d294ee960fa1eef388915659a59fa32b11d
GIT binary patch
literal 1188
zcmV;V1Y7%=0SyFFBCR_C2mru&73El&3H2t5nI68Q9hzL>cT6mwg4zkC{+7HPTeg8I
z5C7)pzdb1LWju5%BxHBsP5O}OCXjdQEW2i$Lc+)O4ZOLxR^_+WviC;x)2|n`7borH
zlrmsn)=F-Ho<DNC$JHfBQW@=bO7nvcy*b^sHEk(gF@8wu(Vii4ZHgZo=I?IRV{g*D
zS*T*lX@v8FYfW<^hAY_1D%lah_^+loD~;ih_~GCFYz1TC#5n~p_$c_~TLPn~?~m#D
zui2Qp<t^(l&c{a<f3A>)o7%uUf!Q>Yx>9Vp)dWmAs3e|O^!kSv_QwU>+~kgjV=sbx
zG_MY5!uxRNARqsoa}NL!0RRECB~W2?Y#>WzXmVw8AUtqkb!;wdE^B3Ia%FNrXKi6=
zY%XJOZ9a(sI0O>`0stZf0#YKaI|3U61`7!Y2Ll2I6$k<e3JU}l0s{d89svRufB*^!
z5F=XU@hSQ3n4HZA{x2I-co6<m29_^-KI@`NZeFu+FcarO{^r^M9|v*Syik60xZ*k`
z$%|o!BZ67Q5d?$IvY_jaLvr}>?hwshfU)IXoeRR;O;Hl&0joy8{$+b?307y>Hw#e2
zJ#MXXZ+O6C6Q)@WYf}5PDzBN=KS&W0skd_(ad2fj5zp%~A!(<pEVO6m<f901fMo_O
zDj#3z^C(94=4iZ%tgvVPe}8((^>0Y%SW02Q;Supcd40($4vJ{JY9kGNjS!)Rk#yu*
z(&X#V9BFp}Bi`3arWBhy=N-TgidssU_h-GqkF788Nsq<hKJ{tjKGg~Y^KhSP^Grie
zVB)b8O1<7zTDbuY1X3ccI{^p))K*_CCj1^ccP*)CZ{2rLDZ$nEvLYXxB9{`v!PX?e
z=keABo_>UMSeT8tM<8SNRbflj3C@z46XJ_GltsY7hNpD#p3*0NR;IX(;tNxIUZAsp
zvjrv5&pWLPa@OxSbk4_AoNwSVa%`p-QSMMy<JLJ?QcMv%=#RW{){%rIedP}@@o4<c
zz<ZH#C=L%{@=-!ww!*+sG)`pfj1HR1a#2acWpXj3AFww1aYB$USw8_IATPFB<g8A2
zez)>>LX<fjB1m&wS;Y&`zL&nnj$ytc+eXjrfjM4<bIb!<T{gABTXWkZXd}P;1h)1x
z!Wwfa6vn)mw(f-W$*00e01*KI0f_-01Q-DV00{*GQX;K80vikf3JDM+TIKO6`R$m`
z@(2HQfBk!qz9IoFIa&iX#`q@5f_D_?58fQA50xuoNhY9L1^T|5d>K~o2aan76TNt+
zDck+9&Z^K!qC4oS0_0JBrP){@>SfU>%js_t{o{pPu7AV6cf~{?y9$Y|9Gf}%7gY>)
zoy7Gp;9k9dgut!<8{2(s#E}#$7<V>tV%J|8DBf(OWWwZ^Lk}7`vl1UWL{52xxj7!X
z7ih~}%ROYB{F_#F;5kf8x~D$-2>AEWPu4N-OhF`_8Y#xZ9_QbJcFF|>A91rmEwi$;
z*Hici!kJ_R)x!~a=Tr;EdY;ia^|!vO#PUj~E7UXPt!hCPJ@@WHq@+{FNG1$0Ubbi@
CEhzZ_

literal 0
HcmV?d00001

diff --git a/python-cryptography.spec b/python-cryptography.spec
index d01a7f1..4e91e64 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -20,15 +20,22 @@
 
 Name:           python-%{srcname}
 Version:        2.9
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        PyCA's cryptography library
 
 License:        ASL 2.0 or BSD
 URL:            https://cryptography.io/en/latest/
-Source0:        https://pypi.io/packages/source/c/%{srcname}/%{srcname}-%{version}.tar.gz
+Source0:        %{pypi_source}
+Source1:        %{pypi_source}.asc
+# key ids of upstream authors are published in the AUTHORS file:
+#    https://github.com/pyca/cryptography/blob/master/AUTHORS.rst
+# gpg2 --recv-keys "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98"
+# gpg2 --export --export-options export-minimal "05FD 9FA1 6CF7 5735 0D91 A560 235A E5F1 29F9 ED98" > gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
+Source2:        gpgkey-05FD_9FA1_6CF7_5735_0D91_A560_235A_E5F1_29F9_ED98.gpg
 
 BuildRequires:  openssl-devel
 BuildRequires:  gcc
+BuildRequires:  gnupg2
 
 %if 0%{?with_python2}
 BuildRequires:  python2-cffi >= 1.7
@@ -108,6 +115,7 @@ recipes to Python developers.
 %endif
 
 %prep
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 %autosetup -p1 -n %{srcname}-%{version}
 
 %build
@@ -162,6 +170,9 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
 
 
 %changelog
+* Tue May 12 2020 Felix Schwarz <fschwarz@fedoraproject.org> - 2.9-2
+- add source file verification
+
 * Fri Apr 03 2020 Christian Heimes <cheimes@redhat.com> - 2.9-1
 - Update to 2.9 (#1820348)
 
diff --git a/sources b/sources
index 78d2a9a..1fc2f1e 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
 SHA512 (cryptography-2.9.tar.gz) = 7db2846b901e42ddc4caa9851235e5a0894ef702d4c4692eb60fcae17bc4e7833782a8001679ea41b78f9273d7d68a4b85810248590e12ca33cfade3208e2849
+SHA512 (cryptography-2.9.tar.gz.asc) = 916a9b013e2f0760dfa965997c7cde0fbfde4b6a6c017325606a134ce8860c3db3a0b6820f79102612ab484105d74a03cd6d80eb494032a3ffb96e82a66b5b92