File suse-build-key.spec of Package suse-build-key.30597

#
# spec file for package suse-build-key
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           suse-build-key
BuildRequires:  gpg
Provides:       build-key
Requires:       gpg
AutoReqProv:    off
Summary:        The public gpg key for rpm package signature verification
License:        GPL-2.0+
Group:          System/Packages
Version:        12.0
Release:        0

#pub   rsa4096/0xF74F09BC3FA1D6CE 2023-01-19 [SC] [expires: 2027-01-18]
#      Key fingerprint = 7F00 9157 B127 B994 D5CF  BE76 F74F 09BC 3FA1 D6CE
#uid                             SUSE Package Signing Key <build@suse.de>
# The new 4096bit RSA signing key for SLE.
Source5:	gpg-pubkey-3fa1d6ce-63c9481c.asc

# pub  2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
# The main package signing key.
Source0:        gpg-pubkey-39db7c82-5f68629b.asc

# pub  2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
# Fallback key if main key gets lost.
Source1:        gpg-pubkey-50a3dd1c-50f35137.asc
# pub   rsa4096/0xA1BFC02BD588DC46 2023-01-19 [SC] [expires: 2033-01-16]
#      Key fingerprint = B56E 5601 41D8 F654 2DFF  3BF9 A1BF C02B D588 DC46
# uid                             SUSE Package Signing Key (reserve key) <build@suse.de>
# Fallback key if main key gets lost.
Source10:	gpg-pubkey-d588dc46-63c939db.asc

# pub  1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
# SLES 11 key.
Source2:        suse-sle11-key.asc

#pub   rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09]
#     Key fingerprint = 0EE9 CA43 0050 9E29 17A0  54ED 8EFE 1BC4 D4AD E9C3
# container key used by Container TUF style signing.
Source3:	build-container-d4ade9c3-5a2e9669.asc
Source4:	build-container-d4ade9c3-5a2e9669.pem

#pub   rsa4096/0x100CEB438FD6C337 2023-01-19 [SC] [expires: 2027-01-18]
#      Key fingerprint = 2BFA 4649 1A1C FFA8 31EF  C4B6 100C EB43 8FD6 C337
#uid                             SUSE Linux Container Signing Key <build-container@suse.de>
# container signingkey for registry.suse.com, 4096 bit RSA / 2023 variant.
Source6:	build-container-8fd6c337-63c94b45.asc
Source7:        build-container-8fd6c337-63c94b45.pem

#pub   rsa4096/0x1D441A8CC0ACC782 2023-01-19 [SC] [expires: 2027-01-18]
#      Key fingerprint = BDA8 1B26 D46C 7B46 129F  391D 1D44 1A8C C0AC C782
#uid                             SUSE PTF Container Signing Key <support-container@suse.com>
# 4096 bit PTF containersigning key.
Source8:	suse_ptf_containerkey_2023.pem
Source9:	suse_ptf_containerkey_2023.asc


#pub   rsa2048/0x9F2528FDB76EB97A 2018-04-24 [SC] [expires: 2026-02-24]
#      Key fingerprint = 9109 9832 523C C4EF 9741  F3A5 9F25 28FD B76E B97A
#uid                             SUSE PTF Container Signing Key <support-container@suse.com>
Source96:	suse_ptf_containerkey.asc
# pub  1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
# SUSE supplied PTF (program temporary fixes) are signed by this key.
# supplied to be not imported by default
Source97:       suse_ptf_key_old.asc
#pub   rsa2048/0x46DFA05C6F5DA62B 2022-02-25 [SC] [expires: 2026-02-24]
#      Key fingerprint = 1604 494D 38DA 2FA7 AA26  97AE 46DF A05C 6F5D A62B
#uid                             SUSE PTF Signing Key <support@suse.com>
Source98:       suse_ptf_key.asc

#pub   rsa4096/0x09461C70AF5425F7 2023-01-19 [SC] [expires: 2027-01-18]
#      Key fingerprint = 6D6C 8072 BF35 2152 3062  D823 0946 1C70 AF54 25F7
#uid                             SUSE PTF Signing Key <support@suse.com>
# new 4096bit RSA PTF signing key
Source95:	suse_ptf_key_2023.asc


#pub   rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2024-02-24]
#      Key fingerprint = 2BAB 445F B9B4 F0D3 30E4  7CB0 B205 E69B AB2F D922
#uid                             SUSE Security Team <security@suse.de>
#uid                             SUSE Security Team <security@suse.com>
#sub   rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2024-02-24]
Source99:       security_at_suse_de.asc

Source100:      dumpsigs
Source101:	import-suse-build-key

BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch
%define keydir  %{_prefix}/lib/rpm/gnupg/keys
%define containerkeydir  %{_prefix}/share/container-keys/
%define pemcontainerkeydir  %{_prefix}/share/pki/containers/
PreReq:         sh-utils gpg fileutils mktemp

# obsoletes old SLE11 build key, as it is 1024 bit only
Obsoletes:	gpg-pubkey-b37b98a9
# fixme: next release obsolete old PTF key.

%description
This package contains the gpg keys that are used to sign the
SUSE rpm packages. The keys installed here are not actually
used by directly, but need to be imported to the RPM database first.

rpm/zypper use only the keys in the RPM database.

The package also contains the Container signing keys in GPG and in X.509
PEM format for use by Docker Notary and Sigstore/Cosign.

%prep
%setup -qcT

%build
cp %SOURCE2 .
cp %SOURCE8 .
cp %SOURCE9 .
cp %SOURCE95 .
cp %SOURCE96 .
cp %SOURCE97 .
cp %SOURCE98 .
cp %SOURCE99 .

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{keydir}
for i in %sources; do
    case "$i" in
        */gpg-pubkey-*.asc|*/*ptf_key.asc|*/*ptf_key_2023.asc)
        install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
        ;;
    esac
done
install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg

install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/
install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc
install -c -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-2023.asc
# keep it there too for compat
install -c -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.pem
install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-2023.pem
install -d -m 755 $RPM_BUILD_ROOT%{pemcontainerkeydir}/
install -c -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem
install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-2023.pem

install -d -m 755 %{buildroot}/var/adm/update-scripts/
install -m 755 %{SOURCE101} $RPM_BUILD_ROOT/var/adm/update-scripts/%{name}-%{version}-%{release}-import-suse-build-key.sh

%files
%defattr(644,root,root)
%doc security_at_suse_de.asc suse_ptf_key.asc suse_ptf_containerkey.asc suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem suse-sle11-key.asc suse_ptf_key_old.asc
%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
%attr(755,root,root) %dir %{keydir}
%attr(755,root,root) %dir %{containerkeydir}
%attr(755,root,root) %dir /usr/share/pki/
%attr(755,root,root) %dir %{pemcontainerkeydir}
%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
%{keydir}/gpg-pubkey-39db7c82-5f68629b.asc
%{keydir}/gpg-pubkey-3fa1d6ce-63c9481c.asc
%{keydir}/gpg-pubkey-d588dc46-63c939db.asc
%{keydir}/suse_ptf_key.asc
%{keydir}/suse_ptf_key_2023.asc
%{containerkeydir}/suse-container-key.asc
%{containerkeydir}/suse-container-key.pem
%{containerkeydir}/suse-container-key-2023.asc
%{containerkeydir}/suse-container-key-2023.pem
%{pemcontainerkeydir}/suse-container-key.pem
%{pemcontainerkeydir}/suse-container-key-2023.pem
/var/adm/update-scripts/%{name}-%{version}-%{release}-import-suse-build-key.sh


%changelog