File uyuni-build-keys.spec of Package uyuni-build-keys

#
# spec file for package uyuni-build-keys
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%global gpgdirroot %{_datarootdir}/susemanager/gpg

%global susemanager_build_keys_version 15.5.1

%if 0%{?rhel}
%global apache_name httpd
%else
%global apache_name apache2
%endif

Name:           uyuni-build-keys
BuildRequires:  gpg
Requires:       gpg
Requires:       (awk or gawk)
Provides:       susemanager-build-keys = %{susemanager_build_keys_version}
AutoReqProv:    off
Summary:        The public GPG keys for RPM package signature verification
License:        GPL-2.0-or-later
Group:          System/Packages
URL:            https://www.uyuni-project.org/
Version:        2024.06
Release:        0

# pub  2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
# SLE12: The main package signing key.
Source2:        gpg-pubkey-39db7c82-66c5d91a.asc
# pub  2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
# SLE12 Fallback key if main key gets lost.
Source3:        gpg-pubkey-50a3dd1c-50f35137.asc

# pub  1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
# SLE11 build@suse.de key, 1024 bit
Source4:        gpg-pubkey-307e3d54-5aaa90a5.asc

# pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
# SLE10 build@suse.de key, 1024 bit
Source5:        gpg-pubkey-9c800aca-5aaa90c5.asc

# pub   1024D/0182B964 2008-11-05 Extended Support Package Signing Key (Extended Support Package Signing Key) <extended-build@novell.com>
# EPAM RES build key
Source6:        gpg-pubkey-0182b964-4911a584.asc

# pub   2048R/3DBDC284 2008-11-07 openSUSE Project Signing Key <opensuse@opensuse.org>
Source7:        gpg-pubkey-3dbdc284-53674dd4.asc

# pub   2048R/0D20833E 2018-06-18 systemsmanagement:Uyuni:Master OBS Project <systemsmanagement:Uyuni:Master@build.opensuse.org>
Source8:        gpg-pubkey-0d20833e.asc

# pub rsa4096/C105B9DE 2011-07-03 CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>
# CentOS-6 Key
Source9:        RPM-GPG-KEY-CentOS-6

# pub rsa4096/F4A80EB5 2014-06-23 CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>
# CentOS-7 Key
Source10:       RPM-GPG-KEY-CentOS-7

# pub   rsa4096/3B4FE6ACC0B21F32 2012-05-11 Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
# Ubuntu archive key 2012
Source11:       ubuntu-archive-2012-3B4FE6ACC0B21F32.asc

# pub   rsa4096/871920D1991BC93C 2018-09-17 Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
# Ubuntu archive key 2018
Source12:       ubuntu-archive-2018-871920D1991BC93C.asc

# pub   rsa2048/72F97B74EC551F03 2010-07-01 Oracle OSS group (Open Source Software group) <build@oss.oracle.com>
# OL6 and OL7
Source13:       RPM-GPG-KEY-oracle-ol-6-7

# pub   rsa4096/82562EA9AD986DA3 2019-04-09 Oracle OSS group (Open Source Software group) <build@oss.oracle.com>
# OL8
Source14:       RPM-GPG-KEY-oracle-ol8

# pub   rsa4096/044ADAEE04881839 2019-01-04 Micro Focus Build Service (Contact security@novell.com) <OESBuild@novell.com>
# Micro Focus
Source15:       oes-gpg-pubkey-044ADAEE04881839.asc

# pub   rsa2048/57DA9A6804A29DB0 2015-07-08 Novell Bangalore BuildService (Contact security@novell.com) <novell-bangalore-build@novell.com>
# old Novell Key
Source16:       oes-gpg-pubkey-57DA9A6804A29DB0.asc

# pub   rsa4096/05B555B38483C65D 2019-05-03 CentOS (CentOS Official Signing Key) <security@centos.org>
# CentOS8
Source17:       RPM-GPG-KEY-CentOS-Official

# pub   rsa2048/65176565 2015-05-29 openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org>
# PackageHub
Source18:       packagehub-gpg-pubkey-65176565.asc

# pub   rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09]
# Key fingerprint = 0EE9 CA43 0050 9E29 17A0  54ED 8EFE 1BC4 D4AD E9C3
# uid                             SUSE Linux Container Signing Key <build-container@suse.de>
# The SUSE Container GPG Key.
Source19:       build-container-d4ade9c3-5a2e9669.asc

# pub   rsa4096/E0B11894F66AEC98 2017-05-22 [SC] [expires: 2025-05-20]
# Key fingerprint = E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
# uid                 [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
# sub   rsa4096/04EE7237B7D453EC 2017-05-22 [S] [expires: 2025-05-20]
Source20:       debian-archive-key-9-04EE7237B7D453EC.asc

# pub   rsa4096/EDA0D2388AE22BA9 2017-05-22 [SC] [expires: 2025-05-20]
# Key fingerprint = 6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
# uid                 [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
# sub   rsa4096/AA8E81B4331F7F50 2017-05-22 [S] [expires: 2025-05-20]
Source21:       debian-archive-key-9-security-AA8E81B4331F7F50.asc

# pub   rsa4096/EF0F382A1A7B6500 2017-05-20 [SC] [expires: 2025-05-18]
# Key fingerprint = 067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500
# uid                 [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>
Source22:       debian-release-9-EF0F382A1A7B6500.asc

# pub   rsa4096/DC30D7C23CBBABEE 2019-04-14 [SC] [expires: 2027-04-12]
# Key fingerprint = 80D1 5823 B7FD 1561 F9F7  BCDD DC30 D7C2 3CBB ABEE
# uid                 [ unknown] Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
# sub   rsa4096/648ACFD622F3D138 2019-04-14 [S] [expires: 2027-04-12]
Source23:       debian-archive-key-10-648ACFD622F3D138.asc

# pub   rsa4096/4DFAB270CAA96DFA 2019-04-14 [SC] [expires: 2027-04-12]
# Key fingerprint = 5E61 B217 265D A980 7A23  C5FF 4DFA B270 CAA9 6DFA
# uid                 [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
# sub   rsa4096/112695A0E562B32A 2019-04-14 [S] [expires: 2027-04-12]
Source24:       debian-archive-key-10-security-112695A0E562B32A.asc

# pub   rsa4096/DCC9EFBF77E11517 2019-02-05 [SC] [expires: 2027-02-03]
# Key fingerprint = 6D33 866E DD8F FA41 C014  3AED DCC9 EFBF 77E1 1517
# uid                 [ unknown] Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>
Source25:       debian-release-10-DCC9EFBF77E11517.asc

# pub   rsa4096/7638D0442B90D010 2014-11-21 [SC] [expires: 2022-11-19]
# Key fingerprint = 126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
# uid                 [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
Source26:       debian-archive-key-8-7638D0442B90D010.asc

# pub   rsa4096/EFD752E7E232ED8712E7635CEB801C41873141A8 2016-12-13 alicloud7release <alicloud-linux-os@service.aliyun.com>
# Alibaba Cloud Linux 2 (Aliyun Linux)
Source27:       RPM-GPG-KEY-ALIYUN

# pub   rsa4096/11CF1F95C87F5B1A 2017-06-07 [SC]
#      99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A
# uid                 [ unknown] Amazon Linux <amazon-linux@amazon.com>
Source28:       RPM-GPG-KEY-amazon-linux-2

# pub   rsa4096/0x3ABB34F8 2021-01-12 [C] [expires: 2024-01-12]
#       5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8
# uid                     AlmaLinux <packager@almalinux.org>
# sub   rsa3072/0xC21AD6EA 2021-01-12 [S] [expires: 2024-01-12]
Source29:       RPM-GPG-KEY-AlmaLinux

# pub   rsa2048 2020-12-02 [SC] [expires: 2023-02-10]
#       44CA8C74F08D9C47618782DF3C90731ED78C6B69
# uid           SUSE:SLE-15-SP3:Update OBS Project <SUSE:SLE-15-SP3:Update@build.opensuse.org>
Source30:       gpg-pubkey-d78c6b69-5fc7b9e7.asc

# pub   rsa4096 2021-02-14 [SCE]
#       7051C470A929F454CEBE37B715AF5DAC6D745A60
# uid           Release Engineering <infrastructure@rockylinux.org>
Source31:       RPM-GPG-KEY-rockyofficial

# pub   rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
#      AC530D520F2F3269F5E98313A48449044AAD5C5D
# uid           [ unknown] Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
Source32:       debian-archive-key-11-security-A48449044AAD5C5D.asc

# pub   rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
#       1F89983E0081FDE018F3CC9673A4F27B8DD47936
# uid           [ unknown] Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
Source33:       debian-archive-key-11-73A4F27B8DD47936.asc

# pub   rsa4096 2021-02-13 [SC] [expires: 2029-02-11]
#       A4285295FC7B1A81600062A9605C66F00D6C9793
# uid           [ unknown] Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>
Source34:       debian-release-11-605C66F00D6C9793.asc

# pub   rsa2048 2019-10-21 [SCEA]
#       12EA74AC9DF48D46C69CA0BED557065EB25E7F66
# uid           private OBS (key without passphrase) <defaultkey@localobs>
Source35:       RPM-GPG-KEY-openEuler

# pub   rsa4096 2022-01-18 [SC]
#       BF18AC2876178908D6E71267D36CB86CB86B3716
# uid           AlmaLinux OS 9 <packager@almalinux.org>
Source36:       RPM-GPG-KEY-AlmaLinux-9

# pub   rsa4096 2022-01-19 [SC] [expires: 2042-01-14]
#       3E6D826D3FBAB389C2F38E34BC4D06A08D8B756F
# uid           Oracle Linux (release key 1) <secalert_us@oracle.com>
Source37:       RPM-GPG-KEY-oracle

# pub   rsa4096 2022-01-19 [SC] [expires: 2042-01-14]
#       982231759C7467065D0CE9B2A7DD07088B4EFBE6
# uid           Oracle Linux (backup key 1) <secalert_us@oracle.com>
Source38:       RPM-GPG-KEY-oracle-backup

# pub   rsa4096 2009-10-22 [SC]
#       567E347AD0044ADE55BA8A5F199E2F91FD431D51
# uid           [ unknown] Red Hat, Inc. (release key 2) <security@redhat.com>
Source39:       RPM-GPG-KEY-redhat-release

# pub   rsa4096 2022-03-09 [SC]
#       7E4624258C406535D56D6F135054E4A45A6340B3
# uid           [ unknown] Red Hat, Inc. (auxiliary key 3) <security@redhat.com>
Source40:       RPM-GPG-KEY-redhat-auxiliary

# pub   rsa4096 2022-05-09 [SC]
#       21CB256AE16FC54C6E652949702D426D350D275D
# uid           Rocky Enterprise Software Foundation - Release key 2022 <releng@rockylinux.org>
Source41:       RPM-GPG-KEY-Rocky-9

# pub   rsa4096 2022-09-21 [SC] [expires: 2026-09-20]
#       CCB57F6E2FA5D41B256E02B897A636DB0BAD8ECC
# uid           SUSE product addon <build-addon@suse.de>
Source42:       build-addon-0bad8ecc-632aff67.asc

# pub   rsa4096 2022-05-30 [SC] [expires: 2032-05-27]
#       F8CD9BBD5C9614F95CA85788177086FAB0F9C64F
# uid           SUSE Liberty Package Signing Key (v2) <suse-liberty-build-v2@suse.de>
Source43:       RPM-GPG-KEY-SUSE-Liberty-v2

#pub   rsa4096/0xA1BFC02BD588DC46 2023-01-19 [SC] [expires: 2033-01-16]
#      Key fingerprint = B56E 5601 41D8 F654 2DFF  3BF9 A1BF C02B D588 DC46
#uid                             SUSE Package Signing Key (reserve key) <build@suse.de>
Source44:       gpg-pubkey-d588dc46-63c939db.asc

#pub   rsa4096/0xF74F09BC3FA1D6CE 2023-01-19 [SC] [expires: 2027-01-18]
#      Key fingerprint = 7F00 9157 B127 B994 D5CF  BE76 F74F 09BC 3FA1 D6CE
#uid                             SUSE Package Signing Key <build@suse.de>
#
Source45:       gpg-pubkey-3fa1d6ce-63c9481c.asc

#pub   rsa4096/0x35A2F86E29B700A4 2022-06-20 [SC] [expires: 2026-06-19]
#      Key fingerprint = AD48 5664 E901 B867 051A  B15F 35A2 F86E 29B7 00A4
#uid                    openSUSE Project Signing Key <opensuse@opensuse.org>
Source46:       gpg-pubkey-29b700a4.asc

#pub   rsa4096/254CF3B5AEC0A8F0 2023-01-21 [SC] [verfällt: 2031-01-19]
#      05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0
#uid              Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
Source47:       debian-archive-key-12-security-254CF3B5AEC0A8F0.asc

#pub   rsa4096/B7C5D7D6350947F8 2023-01-21 [SC] [verfällt: 2031-01-19]
#      B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
#uid              Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
Source48:       debian-archive-key-12-B7C5D7D6350947F8.asc

#pub   ed25519/F8D2585B8783D481 2023-01-23 [SC] [verfällt: 2031-01-21]
#      4D64FEC119C2029067D6E791F8D2585B8783D481
#uid              Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>
Source49:       debian-release-12-F8D2585B8783D481.asc

#pub   rsa4096/8A49EB0325DB7AE0 2023-05-10 [SC] [verfällt: 2027-05-09]
#      F044C2C507A1262B538AAADD8A49EB0325DB7AE0
#uid              openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org>
Source50:       packagehub-gpg-pubkey-8A49EB0325DB7AE0.asc

#pub   rsa4096 2022-12-08 [SC]
#      B21C50FA44A99720EAA72F7FE951904AD832C631
#uid           Amazon Linux <amazon-linux@amazon.com>
Source51:       RPM-GPG-KEY-amazon-linux-2023

#pub   rsa2048 2017-04-10 [SC] [caduca: 2031-04-07]
#      54C3 DD61 0D9D 1B4A F82A  3775 8738 CD6B 956F 460C
#uid                      Raspberry Pi Downloads Signing Key
#sub   rsa2048 2017-04-10 [E] [caduca: 2031-04-07]
Source52:       raspberrypi_downloads.gpg.key

#pub   rsa2048 2012-04-01 [SC]
#      A0DA 38D0 D76E 8B5D 6388  7281 9165 938D 90FD DD2E
#uid                      Mike Thompson (Raspberry Pi Debian armhf ARMv6+VFP) <mpthompson@gmail.com>
#sub   rsa2048 2012-04-01 [E]
Source53:       raspbian.public.key

#pub   rsa4096/0x2AE81E8ACED7258B 2023-10-10 [SC]
#      BC5E DDCA DF50 2C07 7F15  8288 2AE8 1E8A CED7 258B
#uid                      AlmaLinux OS 8 <packager@almalinux.org>
Source54:       RPM-GPG-KEY-AlmaLinux-8

#pub   rsa4096/0xFEC28EAF09D9EA69 2023-05-10 [SC] [expires: 2027-05-09]
#      Key fingerprint = 1C59 D66F CD52 563A 1693  3DBC FEC2 8EAF 09D9 EA69
#uid                             ALP Package Signing Key <build-alp@suse.de>
Source55:       build-alp-09d9ea69-645b99ce.asc

#pub   rsa4096/0xC7B81E4373F03759 2022-04-29 [SC] [expires: 2032-04-26]
#      Key fingerprint = 5056 7568 F292 0FF1 65B2  5FB2 C7B8 1E43 73F0 3759
#uid                             ALP Package Signing Key (reserve key) <build-alp@suse.de>
Source56:       build-alp-reserve-73F03759-626bd414.asc

# pub  1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
# SUSE supplied PTF (program temporary fixes) are signed by this key.
# supplied to be not imported by default
Source98:       suse_ptf_key_old-B37B98A9.asc

#pub   rsa2048 2022-02-25 [SC] [verfällt: 2026-02-24]
#      1604494D38DA2FA7AA2697AE46DFA05C6F5DA62B
#uid           SUSE PTF Signing Key <support@suse.com>
Source99:       suse_ptf_key-6F5DA62B.asc

#pub   rsa4096/0x09461C70AF5425F7 2023-01-19 [SC] [expires: 2027-01-18]
#      Key fingerprint = 6D6C 8072 BF35 2152 3062  D823 0946 1C70 AF54 25F7
#uid                             SUSE PTF Signing Key <support@suse.com>
Source100:      suse_ptf_key_2023.asc

Source101:      uyuni-build-keys.conf

BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch

%define pubring  var/lib/spacewalk/gpgdir/pubring.gpg
%define susering %{_prefix}/lib/uyuni/uyuni-build-keys.gpg

%if 0%{?rhel}
PreReq:         gpg
PreReq:         (coreutils or coreutils-single)
%else
PreReq:         fileutils
PreReq:         gpg
PreReq:         mktemp
PreReq:         sh-utils
%endif

%description
This package contains the GPG keys that are used to sign the
SUSE and openSUSE RPM packages. The keys installed here are not
actually used by anything. rpm/zypper use the keys in the rpm
db instead.

%package web
Summary:        The public GPG keys for bootstrap use
Group:          System/Packages
Requires:       %{name} = %{version}-%{release}
Requires:       %{apache_name}
Provides:       susemanager-build-keys-web = %{susemanager_build_keys_version}

%description web
This package contains the GPG keys that are used to sign the
SUSE and openSUSE RPM packages. These keys are installed in
the web enviroment to be used in a bootstrap script.

%prep
%setup -qcT

%build
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true
# Since gpg2 version 2.4.1 keyboxd is used by default in fresh installs.
# This is controlled by having the option use-keyboxd in common.conf file.
# To force the use of the keyring, we need to remove that option
if [ -f /home/abuild/.gnupg/common.conf ];then
  sed -e "s/use-keyboxd//g" -i /home/abuild/.gnupg/common.conf
fi

touch uyuni-build-keys.gpg
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE2}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE3}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE4}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE5}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE6}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE7}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE8}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE9}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE10}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE11}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE12}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE13}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE14}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE15}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE16}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE17}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE18}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE19}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE20}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE21}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE22}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE23}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE24}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE25}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE26}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE27}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE28}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE29}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE30}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE31}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE32}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE33}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE34}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE35}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE36}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE37}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE38}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE39}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE40}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE41}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE42}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE43}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE44}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE45}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE46}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE47}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE48}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE49}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE50}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE51}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE52}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE53}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE54}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE55}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE56}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE98}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE99}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE100}

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/%{_prefix}/lib/uyuni/
mkdir -p $RPM_BUILD_ROOT/var/lib/spacewalk/gpgdir
install uyuni-build-keys.gpg $RPM_BUILD_ROOT/%{susering}
touch $RPM_BUILD_ROOT/%{pubring}
touch $RPM_BUILD_ROOT/%{pubring}~

mkdir -p $RPM_BUILD_ROOT%{gpgdirroot}/
install %{SOURCE2}  $RPM_BUILD_ROOT%{gpgdirroot}/sle12-gpg-pubkey-39db7c82.key
install %{SOURCE3}  $RPM_BUILD_ROOT%{gpgdirroot}/sle12-reserve-gpg-pubkey-50a3dd1c.key
install %{SOURCE4}  $RPM_BUILD_ROOT%{gpgdirroot}/sle11-gpg-pubkey-307e3d54.key
install %{SOURCE5}  $RPM_BUILD_ROOT%{gpgdirroot}/sle10-gpg-pubkey-9c800aca.key
install %{SOURCE6}  $RPM_BUILD_ROOT%{gpgdirroot}/res-gpg-pubkey-0182b964.key
install %{SOURCE7}  $RPM_BUILD_ROOT%{gpgdirroot}/opensuse-gpg-pubkey-3dbdc284.key
install %{SOURCE8}  $RPM_BUILD_ROOT%{gpgdirroot}/uyuni-gpg-pubkey-0d20833e.key
install %{SOURCE9}  $RPM_BUILD_ROOT%{gpgdirroot}/centos6-gpg-pubkey-c105b9de.key
install %{SOURCE10} $RPM_BUILD_ROOT%{gpgdirroot}/centos7-gpg-pubkey-f4a80eb5.key
install %{SOURCE11} $RPM_BUILD_ROOT%{gpgdirroot}/ubuntu-gpg-pubkey-3B4FE6ACC0B21F32.key
install %{SOURCE12} $RPM_BUILD_ROOT%{gpgdirroot}/ubuntu-gpg-pubkey-871920D1991BC93C.key
install %{SOURCE13} $RPM_BUILD_ROOT%{gpgdirroot}/ol67-gpg-pubkey-72F97B74EC551F03.key
install %{SOURCE14} $RPM_BUILD_ROOT%{gpgdirroot}/ol8-gpg-pubkey-82562EA9AD986DA3.key
install %{SOURCE15} $RPM_BUILD_ROOT%{gpgdirroot}/oes-gpg-pubkey-044ADAEE04881839.key
install %{SOURCE16} $RPM_BUILD_ROOT%{gpgdirroot}/oes-gpg-pubkey-57DA9A6804A29DB0.key
install %{SOURCE17} $RPM_BUILD_ROOT%{gpgdirroot}/centos8-gpg-pubkey-05B555B38483C65D.key
install %{SOURCE18} $RPM_BUILD_ROOT%{gpgdirroot}/packagehub-gpg-pubkey-65176565.key
install %{SOURCE19} $RPM_BUILD_ROOT%{gpgdirroot}/sle-container-gpg-pubkey-d4ade9c3.key
install %{SOURCE20} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-AA8E81B4331F7F50.key
install %{SOURCE21} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-AA8E81B4331F7F50.key
install %{SOURCE22} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-EF0F382A1A7B6500.key
install %{SOURCE23} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-648ACFD622F3D138.key
install %{SOURCE24} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-112695A0E562B32A.key
install %{SOURCE25} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-DCC9EFBF77E11517.key
install %{SOURCE26} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-7638D0442B90D010.key
install %{SOURCE27} $RPM_BUILD_ROOT%{gpgdirroot}/aliyunlinux2-gpg-pubkey-EFD752E7E232ED87.key
install %{SOURCE28} $RPM_BUILD_ROOT%{gpgdirroot}/amazonlinux2-gpg-pubkey-8312182E7F8CF5ED.key
install %{SOURCE29} $RPM_BUILD_ROOT%{gpgdirroot}/almalinux8-gpg-pubkey-488FCF7C3ABB34F8.key
install %{SOURCE30} $RPM_BUILD_ROOT%{gpgdirroot}/gpg-pubkey-d78c6b69-5fc7b9e7.key
install %{SOURCE31} $RPM_BUILD_ROOT%{gpgdirroot}/rockylinux8-gpg-pubkey-15AF5DAC6D745A60.key
install %{SOURCE32} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-A48449044AAD5C5D.key
install %{SOURCE33} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-73A4F27B8DD47936.key
install %{SOURCE34} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-605C66F00D6C9793.key
install %{SOURCE35} $RPM_BUILD_ROOT%{gpgdirroot}/openeuler-gpg-pubkey-D557065EB25E7F66.key
install %{SOURCE36} $RPM_BUILD_ROOT%{gpgdirroot}/almalinux9-gpg-pubkey-D36CB86CB86B3716.key
install %{SOURCE37} $RPM_BUILD_ROOT%{gpgdirroot}/oracle-gpg-pubkey-BC4D06A08D8B756F.key
install %{SOURCE38} $RPM_BUILD_ROOT%{gpgdirroot}/oracle-gpg-pubkey-A7DD07088B4EFBE6.key
install %{SOURCE39} $RPM_BUILD_ROOT%{gpgdirroot}/redhat-release-gpg-pubkey-199E2F91FD431D51.key
install %{SOURCE40} $RPM_BUILD_ROOT%{gpgdirroot}/redhat-auxiliary-gpg-pubkey-5054E4A45A6340B3.key
install %{SOURCE41} $RPM_BUILD_ROOT%{gpgdirroot}/rockylinux9-gpg-pubkey-702D426D350D275D.key
install %{SOURCE42} $RPM_BUILD_ROOT%{gpgdirroot}/build-addon-97A636DB0BAD8ECC.key
install %{SOURCE43} $RPM_BUILD_ROOT%{gpgdirroot}/suse-liberty-v2-gpg-pubkey-177086FAB0F9C64F.key
install %{SOURCE44} $RPM_BUILD_ROOT%{gpgdirroot}/sle15-reserve-gpg-pubkey-d588dc46.key
install %{SOURCE45} $RPM_BUILD_ROOT%{gpgdirroot}/sle15-gpg-pubkey-3fa1d6ce.key
install %{SOURCE46} $RPM_BUILD_ROOT%{gpgdirroot}/opensuse-gpg-pubkey-29b700a4.key
install %{SOURCE47} $RPM_BUILD_ROOT%{gpgdirroot}/debian-archive-key-12-security-254CF3B5AEC0A8F0.key
install %{SOURCE48} $RPM_BUILD_ROOT%{gpgdirroot}/debian-archive-key-12-B7C5D7D6350947F8.key
install %{SOURCE49} $RPM_BUILD_ROOT%{gpgdirroot}/debian-release-12-F8D2585B8783D481.key
install %{SOURCE50} $RPM_BUILD_ROOT%{gpgdirroot}/packagehub-gpg-pubkey-8A49EB0325DB7AE0.key
install %{SOURCE51} $RPM_BUILD_ROOT%{gpgdirroot}/amazonlinux2023-gpg-pubkey-E951904AD832C631.key
install %{SOURCE52} $RPM_BUILD_ROOT%{gpgdirroot}/raspberrypi_downloads.gpg.key
install %{SOURCE53} $RPM_BUILD_ROOT%{gpgdirroot}/raspbian.public.key
install %{SOURCE54} $RPM_BUILD_ROOT%{gpgdirroot}/almalinux8-gpg-pubkey-2AE81E8ACED7258B.key
install %{SOURCE55} $RPM_BUILD_ROOT%{gpgdirroot}/build-alp-09d9ea69-645b99ce.key
install %{SOURCE56} $RPM_BUILD_ROOT%{gpgdirroot}/build-alp-reserve-73F03759-626bd414.key

install %{SOURCE98} $RPM_BUILD_ROOT%{gpgdirroot}/ptf-gpg-pubkey-b37b98a9.key # old ptf key
install %{SOURCE99} $RPM_BUILD_ROOT%{gpgdirroot}/ptf-gpg-pubkey-6f5da62b.key # new ptf key
install %{SOURCE100} $RPM_BUILD_ROOT%{gpgdirroot}/ptf-gpg-pubkey-af5425f7.key # 2023 rsa 4k ptf key

mkdir -p $RPM_BUILD_ROOT/etc/%{apache_name}/conf.d/
install %{SOURCE101} $RPM_BUILD_ROOT/etc/%{apache_name}/conf.d/uyuni-build-keys.conf

# install some keys in the salt FS structure to be able to deploy them to clients
mkdir -p $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/

install $RPM_BUILD_ROOT%{gpgdirroot}/res-gpg-pubkey-0182b964.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/res-gpg-pubkey-0182b964.key
install $RPM_BUILD_ROOT%{gpgdirroot}/sle12-gpg-pubkey-39db7c82.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/el-tools-gpg-pubkey-39db7c82.key
install $RPM_BUILD_ROOT%{gpgdirroot}/sle11-gpg-pubkey-307e3d54.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/el6-tools-gpg-pubkey-307e3d54.key
install $RPM_BUILD_ROOT%{gpgdirroot}/uyuni-gpg-pubkey-0d20833e.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/uyuni-tools-gpg-pubkey-0d20833e.key
install $RPM_BUILD_ROOT%{gpgdirroot}/build-addon-97A636DB0BAD8ECC.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/build-addon-97A636DB0BAD8ECC.key
install $RPM_BUILD_ROOT%{gpgdirroot}/suse-liberty-v2-gpg-pubkey-177086FAB0F9C64F.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/suse-liberty-v2-gpg-pubkey-177086FAB0F9C64F.key

# new ptf key not used yet via salt, but maybe needed when we release PTFs for 3rd party OSes
install $RPM_BUILD_ROOT%{gpgdirroot}/ptf-gpg-pubkey-6f5da62b.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/ptf-gpg-pubkey-6f5da62b.key
install $RPM_BUILD_ROOT%{gpgdirroot}/ptf-gpg-pubkey-af5425f7.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/ptf-gpg-pubkey-af5425f7.key

for i in $RPM_BUILD_ROOT%{gpgdirroot}/*key; do KEYFILE=$(basename $i); echo "RewriteRule ^/pub/$KEYFILE /gpg/$KEYFILE  [L,PT]" >> $RPM_BUILD_ROOT/etc/%{apache_name}/conf.d/uyuni-build-keys.conf; done;

%files
%defattr(644,root,root)
%attr(755,root,root) %dir %{_prefix}/lib/uyuni
%attr(755,root,root) %dir /var/lib/spacewalk/
%attr(755,root,root) %dir /var/lib/spacewalk/gpgdir
/%{susering}
%ghost /%{pubring}
%ghost /%{pubring}~

%post
if [ ! -f %{pubring} ]; then
    touch %{pubring}
fi
echo -n "importing Uyuni build key to rpm keyring... "
TF=`mktemp /tmp/gpg.XXXXXX`
if [ -z "$TF" ]; then
  echo "uyuni-build-keys::post: cannot make temporary file. Fatal error."
  exit 20
fi
if [ -z "$HOME" ]; then
  HOME=/root
  export HOME
fi
if [ ! -d "$HOME" ]; then
  mkdir "$HOME"
fi
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
         --keyring %{susering}    --export -a > $TF
a="$?"
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
         --keyring %{pubring}   --import < $TF
b="$?"
rm -f "$TF"
if [ "$a" = 0 -a "$b" = 0 ]; then
    echo "done."
else
    echo "importing the key from the file %{susering}"
    echo "returned an error. This should not happen. It may not be possible"
    echo "to properly verify the authenticity of rpm packages from SUSE sources."
    echo "The keyring containing the SUSE rpm package signing key can be found"
    echo "in the root directory of the first CD (DVD) of your SUSE product."
    exit -1
fi

# we need to trust them, otherwise the verify will fail
echo -n "Trusting Uyuni build keys... "
TF=`mktemp /tmp/gpg.XXXXXX`
if [ -z "$TF" ]; then
  echo "uyuni-build-keys::post: cannot make temporary file. Fatal error."
  exit 20
fi
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
    --keyring %{susering} --list-keys --with-fingerprint \
    --with-colons | grep fpr | awk -F: '{printf("%s:6:\n", $10);}' > $TF
c="$?"
gpg -q --batch --no-default-keyring --no-permission-warning \
    --homedir /var/lib/spacewalk/gpgdir/ --import-ownertrust < $TF
d="$?"
rm -f "$TF"
if [ "$c" = 0 -a "$d" = 0 ]; then
    echo "done."
else
    echo "trusting the key from the file %{susering}"
    echo "returned an error. This should not happen. It may not be possible"
    echo "to properly sync repositories using spacewalk-repo-sync."
    exit -1
fi

%files web
%defattr(644,root,root)
%dir  %{gpgdirroot}
%dir /usr/share/susemanager/
%dir /usr/share/susemanager/salt/
%dir /etc/%{apache_name}
%dir /etc/%{apache_name}/conf.d
/usr/share/susemanager/salt/gpg
%{gpgdirroot}/*.key
/etc/%{apache_name}/conf.d/uyuni-build-keys.conf

%changelog
openSUSE Build Service is sponsored by