Verify upstream sources with GPG
This is now a recommended thing to do: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification Regardless if it adds actual security, it should prevent problems like this one: https://mail.python.org/archives/list/python-dev@python.org/message/OYNQS2BZYABXACBRHBHV4RCEPQU5R6EP/
This commit is contained in:
parent
428ef5ba1a
commit
a4690dd7f0
File diff suppressed because it is too large
Load Diff
|
@ -13,7 +13,10 @@ URL: https://www.python.org/
|
||||||
|
|
||||||
# WARNING When rebasing to a new Python version,
|
# WARNING When rebasing to a new Python version,
|
||||||
# remember to update the python3-docs package as well
|
# remember to update the python3-docs package as well
|
||||||
Version: %{pybasever}.9
|
%global general_version %{pybasever}.9
|
||||||
|
#global prerel ...
|
||||||
|
%global upstream_version %{general_version}%{?prerel}
|
||||||
|
Version: %{general_version}%{?prerel:~%{prerel}}
|
||||||
Release: 2%{?dist}
|
Release: 2%{?dist}
|
||||||
License: Python
|
License: Python
|
||||||
|
|
||||||
|
@ -186,6 +189,7 @@ BuildRequires: gdbm-devel
|
||||||
BuildRequires: glibc-all-langpacks
|
BuildRequires: glibc-all-langpacks
|
||||||
BuildRequires: glibc-devel
|
BuildRequires: glibc-devel
|
||||||
BuildRequires: gmp-devel
|
BuildRequires: gmp-devel
|
||||||
|
BuildRequires: gnupg2
|
||||||
BuildRequires: libappstream-glib
|
BuildRequires: libappstream-glib
|
||||||
BuildRequires: libffi-devel
|
BuildRequires: libffi-devel
|
||||||
BuildRequires: libnsl2-devel
|
BuildRequires: libnsl2-devel
|
||||||
|
@ -229,7 +233,9 @@ BuildRequires: python-pip-wheel
|
||||||
# Source code and patches
|
# Source code and patches
|
||||||
# =======================
|
# =======================
|
||||||
|
|
||||||
Source: https://www.python.org/ftp/python/%{version}/Python-%{version}%{?prerel}.tar.xz
|
Source0: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz
|
||||||
|
Source1: %{url}ftp/python/%{general_version}/Python-%{upstream_version}.tar.xz.asc
|
||||||
|
Source2: %{url}static/files/pubkeys.txt
|
||||||
|
|
||||||
# A simple script to check timestamps of bytecode files
|
# A simple script to check timestamps of bytecode files
|
||||||
# Run in check section with Python that is currently being built
|
# Run in check section with Python that is currently being built
|
||||||
|
@ -606,7 +612,8 @@ or older Fedora releases.
|
||||||
# ======================================================
|
# ======================================================
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n Python-%{version}%{?prerel}
|
%gpgverify -k2 -s1 -d0
|
||||||
|
%setup -q -n Python-%{upstream_version}
|
||||||
|
|
||||||
# Remove bundled libraries to ensure that we're using the system copy.
|
# Remove bundled libraries to ensure that we're using the system copy.
|
||||||
rm -r Modules/expat
|
rm -r Modules/expat
|
||||||
|
|
1
sources
1
sources
|
@ -1 +1,2 @@
|
||||||
SHA512 (Python-3.6.9.tar.xz) = 05de9c6f44d96a52bfce10ede4312de892573edaf8bece65926d19973a3a800d65eed7a857af945f69efcfb25efa3788e7a54016b03d80b611eb51c3ea074819
|
SHA512 (Python-3.6.9.tar.xz) = 05de9c6f44d96a52bfce10ede4312de892573edaf8bece65926d19973a3a800d65eed7a857af945f69efcfb25efa3788e7a54016b03d80b611eb51c3ea074819
|
||||||
|
SHA512 (Python-3.6.9.tar.xz.asc) = 0603d73dfea181486c56f547a62610d214338068c567d02d381f8ada8189d83831b239188b2f6cf70c7dbb3a88cb7bf7455ecd1c5025e46687dfbe422c2d3809
|
||||||
|
|
Loading…
Reference in New Issue