Verify upstream sources with GPG
This is now a recommended thing to do: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification Regardless if it adds actual security, it should prevent problems like this one: https://mail.python.org/archives/list/python-dev@python.org/message/OYNQS2BZYABXACBRHBHV4RCEPQU5R6EP/
This commit is contained in:
Miro Hrončok
parent
428ef5ba1a
commit
a4690dd7f0
File diff suppressed because it is too large
Load Diff
|
|
@ -13,7 +13,10 @@ URL: https://www.python.org/
|
|||
|
||||
# WARNING When rebasing to a new Python version,
|
||||
# remember to update the python3-docs package as well
|
||||
Version: %{pybasever}.9
|
||||
%global general_version %{pybasever}.9
|
||||
#global prerel ...
|
||||
%global upstream_version %{general_version}%{?prerel}
|
||||
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||
Release: 2%{?dist}
|
||||
License: Python
|
||||
|
||||
|
|
@ -186,6 +189,7 @@ BuildRequires: gdbm-devel
|
|||
BuildRequires: glibc-all-langpacks
|
||||
BuildRequires: glibc-devel
|
||||
BuildRequires: gmp-devel
|
||||
BuildRequires: gnupg2
|
||||
BuildRequires: libappstream-glib
|
||||
BuildRequires: libffi-devel
|
||||
BuildRequires: libnsl2-devel
|
||||
|
|
@ -229,7 +233,9 @@ BuildRequires: python-pip-wheel
|
|||
# Source code and patches
|
||||
# =======================
|
||||
|
||||
Source: https://www.python.org/ftp/python/%{version}/Python-%{version}%{?prerel}.tar.xz
|
||||
Source0: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz
|
||||
Source1: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz.asc
|
||||
Source2: %{url}static/files/pubkeys.txt
|
||||
|
||||
# A simple script to check timestamps of bytecode files
|
||||
# Run in check section with Python that is currently being built
|
||||
|
|
@ -606,7 +612,8 @@ or older Fedora releases.
|
|||
# ======================================================
|
||||
|
||||
%prep
|
||||
%setup -q -n Python-%{version}%{?prerel}
|
||||
%gpgverify -k2 -s1 -d0
|
||||
%setup -q -n Python-%{upstream_version}
|
||||
|
||||
# Remove bundled libraries to ensure that we're using the system copy.
|
||||
rm -r Modules/expat
|
||||
|
|
|
|||
1
sources
1
sources
|
|
@ -1 +1,2 @@
|
|||
SHA512 (Python-3.6.9.tar.xz) = 05de9c6f44d96a52bfce10ede4312de892573edaf8bece65926d19973a3a800d65eed7a857af945f69efcfb25efa3788e7a54016b03d80b611eb51c3ea074819
|
||||
SHA512 (Python-3.6.9.tar.xz.asc) = 0603d73dfea181486c56f547a62610d214338068c567d02d381f8ada8189d83831b239188b2f6cf70c7dbb3a88cb7bf7455ecd1c5025e46687dfbe422c2d3809
|
||||
|
|
|
|||
Loading…
Reference in New Issue