File openSUSE-build-key.spec of Package openSUSE-build-key
#
# spec file for package openSUSE-build-key
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: openSUSE-build-key
BuildRequires: gpg
License: GPLv2+
Group: System/Packages
Provides: build-key
Conflicts: suse-build-key
Requires: gpg
AutoReqProv: off
Summary: The public gpg key for rpm package signature verification
Version: 1.0
Release: 4
Source0: gpg-pubkey-307e3d54-4be01a65.asc
Source1: gpg-pubkey-3d25d3d9-36e12d04.asc
Source2: gpg-pubkey-3dbdc284-4be1884d.asc
Source3: gpg-pubkey-56b4177a-4be18cab.asc
Source4: gpg-pubkey-9c800aca-4be01999.asc
Source100: dumpsigs
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%define pubring usr/lib/rpm/gnupg/pubring.gpg
%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
%define keydir usr/lib/rpm/gnupg/keys
PreReq: sh-utils gpg fileutils mktemp
%description
This package contains the gpg key that is used to sign official SuSE
rpm packages. It will be installed as a keyring in
/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their
own keys to verify against should use the following commandline command
to add the key to the keyring as used by RPM:
  gpg --no-options --no-default-keyring \
      --keyring /usr/lib/rpm/gnupg/pubring.gpg --import
%prep
%build
%install
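# Build-time install step: copy every armored key shipped as a source into the
# key directory and pre-build the combined SUSE keyring from the same files.
#
# NOTE(review): these files become the trust anchors rpm uses to verify
# package signatures on installed systems. Nothing in this script compares
# them against expected fingerprints, so their integrity rests entirely on
# review of the package sources.

# Start from an empty build root so files left by an earlier build cannot
# leak into the package.
rm -rf "$RPM_BUILD_ROOT"
mkdir -p "$RPM_BUILD_ROOT/usr/lib/rpm/gnupg"
install -d -m 755 "$RPM_BUILD_ROOT/%{keydir}"

# Create the keyring as an empty file before the first import.
touch "$RPM_BUILD_ROOT/%{susering}"

# Throwaway gpg home directory inside the build tree, so the import never
# reads or writes the building user's own gpg configuration or keyrings.
mkdir -p "%{_builddir}/gpg"

for i in %sources; do
  case "$i" in
    *.asc)
      install -m 644 "$i" "$RPM_BUILD_ROOT/%{keydir}"
      # XXX: installation-images/linuxrc use this. need to fix
      # The option is spelled out in full (the original used the abbreviation
      # "--home") so it cannot become ambiguous. The permission warning is
      # silenced because the home directory above is created with default
      # build permissions.
      gpg -q --batch --no-options \
        --homedir="%{_builddir}/gpg" \
        --no-permission-warning \
        --no-default-keyring \
        --keyring="$RPM_BUILD_ROOT/%{susering}" \
        --import "$i"
      ;;
  esac
done

install -m 755 "%{SOURCE100}" "$RPM_BUILD_ROOT/usr/lib/rpm/gnupg"

# The rpm keyring and its backup are listed as ghost entries in the files
# section; create empty placeholders for them in the build root.
touch "$RPM_BUILD_ROOT/%{pubring}"
touch "$RPM_BUILD_ROOT/%{pubring}~"

# Drop the backup copy gpg leaves next to the keyring it updated. Use -f so
# the build does not fail when the gpg in use wrote no backup file.
rm -f "$RPM_BUILD_ROOT/%{susering}~"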
%files
%defattr(644,root,root)
%attr(755,root,root) %dir /usr/lib/rpm/gnupg
%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
/%{susering}
/%keydir
%ghost /%{pubring}
%ghost /%{pubring}~
%post
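# Post-install step: import every packaged key into the keyring rpm uses for
# signature verification, then copy the build key into the default gpg
# keyring of the user running the scriptlet.
#
# NOTE(review): the keyring and key directory are addressed with relative
# paths in several places below, while the import uses the absolute form.
# This presumably relies on the scriptlet running with / as its working
# directory -- confirm before reusing it elsewhere.

# The rpm keyring is a ghost file and may not exist yet.
if [ ! -f "%{pubring}" ]; then
  touch "%{pubring}"
fi

# Constant format string with no percent sign, so neither rpm macro expansion
# nor printf format parsing can alter it. Replaces the non-portable "echo -n".
printf 'importing SUSE keys to rpm keyring... '

# gpg needs a home directory for its own state.
if [ -z "$HOME" ]; then
  HOME=/root
  # Export explicitly so the gpg child processes see the value even when HOME
  # was not already part of the environment.
  export HOME
fi
if [ ! -d "$HOME" ]; then
  # The directory will hold gpg keyrings and trust data; create it private
  # instead of inheriting world-readable permissions from the umask.
  mkdir -m 0700 "$HOME"
fi

gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true

# Import each packaged key and remember whether any import failed, so the
# operator is told that signature verification may be incomplete.
failed=0
for i in %keydir/*.asc; do
  gpg -q --batch --no-options \
    --no-permission-warning \
    --no-default-keyring \
    --keyring="/%{pubring}" \
    --import \
    "$i" || failed=1
done

if [ "$failed" = 0 ]; then
  echo "done."
else
  echo "importing one of the gpg keys in %keydir"
  echo "returned an error. This should not happen. It may not be possible"
  echo "to properly verify the authenticity of rpm packages from SUSE sources."
  echo "The keyring containing the SUSE rpm package signing key can be found"
  echo "in the root directory of the first CD (DVD) of your SUSE product."
  # "exit -1" is not a valid POSIX exit status: bash maps it to 255 and other
  # shells reject it as an illegal number. Use a plain non-zero status.
  exit 1
fi

### Import the SUSE package build key into root's gpg keyring.
# NOTE(review): the key is selected by user ID (build@suse.de), not by
# fingerprint, and a user ID is self-asserted. Any key in the rpm keyring
# carrying that user ID is exported, and the check below accepts any such key
# as well. Selecting by full fingerprint would be stricter.
# The trailing "|| true" hides the pipeline status on purpose; the listing
# check that follows reports a failed import instead.
chroot . usr/bin/gpg --export --armor --no-default-keyring \
  --keyring "%{pubring}" build@suse.de \
  | chroot . usr/bin/gpg --import || true
if ! chroot . usr/bin/gpg --list-keys build@suse.de > /dev/null 2>&1; then
  echo "gpg import for build@suse.de failed, please import manually" >&2
fi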
%changelog