From 7e502cc8e69ee859ddf097d7a493349bbf73bf12 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Sun, 26 Aug 2018 00:32:30 -0400 Subject: [PATCH] Check upstream GPG signature in %prep MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upstream provides signatures for the source tarballs. Automatically verify them in %prep. This is one less manual step for maintainers. The upstream tarballs are signed by Alexey Sokolov, AKA DarthGandalf. The key was initially taken from Alexey's profile page at savannah.gnu.org¹. The key was then refreshed from the public keyservers to pick up changes to the expiration date. Lastly, it was exported via the following command: gpg2 --armor --export-options export-minimal --export \ D5823CACB477191CAC0075555AE420CC0209989E > gpgkey-5AE420CC0209989E.asc ¹ https://savannah.gnu.org/users/darthgandalf --- gpgkey-5AE420CC0209989E.asc | 89 +++++++++++++++++++++++++++++++++++++ znc.spec | 11 +++++ 2 files changed, 100 insertions(+) create mode 100644 gpgkey-5AE420CC0209989E.asc diff --git a/gpgkey-5AE420CC0209989E.asc b/gpgkey-5AE420CC0209989E.asc new file mode 100644 index 0000000..bc8a0f5 --- /dev/null +++ b/gpgkey-5AE420CC0209989E.asc @@ -0,0 +1,89 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE66oWABEADT/ix/xviuWpwAeySocHnYozbjO4L1lKzaj4OMfAZfP+KvwX8H +jy0Ymf4KwxVkub0R2znLlmYiSjHaelMNwK9EDaY48uodV7EMHBostP6u+tjUJQsZ +tQI3ErUYOv0Qlx3xfZ8UvlCT6AWdvlZQha8oAs3EzaUPrBD5dsnUFE6wq0UsBBoA +5xCh/2eGEqKjtSNTf1ZtSCF1StfRPPX8bqkEMpBsTTak3G6+3yt9GYRAqDwSTkB2 +usMroWrDAIG2+mLKqpHtRKz3T/VP4sL7v03w+DDPyQXMajHepAdAwkMweRWQgZBi +n3Qb5tOHPQTzR/3zz80XidyxjwL9hNdrRA5tHoH3uoNCZ1XNZrsK8XnCBDHQJdVK +jD2TOceTH/khobjm+187PcmCunkHuiFH0qY1rX7vsv9F4Zy78ZV4UD76Lky5UE7Y +nns4oyQqfjRGyCC9kw7hmUDQ0LBMPaoxAf5IOuXQlLc7RHmdcwvML6nBzIV2ueJG +AMWnNh4G8Ms4N6buZHHAipZ8EzL9itbNVjvKdh2K02wq6M8/QvRKlp1kcmpJsDAC +501tUXMyPA1K9FppWRrXjmAzYvSSXXRcXT8U6RXxVA48JI6UaO4AL2iV1MjmsXo6 +SdaPCFg4oiziTGgCdNcdKqSJU7N8oYDwHRZ7wSOeVI1b7ZB6cXbrQAHBUQARAQAB +tCNBbGV4ZXkgU29rb2xvdiA8a3RvbmlidWRAZ21haWwuY29tPokCPgQTAQIAKAIb +AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlhytLQFCQ9brdAACgkQWuQgzAIJ +mJ4kYA/7Bmak/BOdHNoSQCGzAj+rTiWNuTVmaMPU9cIrDvh2VvpLMHZfVktQ7pEv +lKZh4/93SXKY9MrFg2U5ThFO+O5wd62S0dTmUZuzh54qvxTQgCA1ShgCvDj+6YGn +IyrbtkLOCEiFT1+GR2pBdaZfsiO1uGZ177KOR7TSoh95ZA7/euU0nWX+75DTtaLK +vbwG0/H9vF1/ANAVsGMQEw2a/L5JDc0UxUYDwydkLoow+JVzSwYmhS5uLr5+bSv8 +i2uvcFOiLktBosu/Mrt4vOvzMdUlA1Tto8E945CZdRFahU7LHHnMRZseqy/928S8 +L7MLuCnyCIF1B6tJecoXgjaAtyRFfwhnpZbx5r9ebsT6nHLXSWmGoQCT8AbaP+pu +tQTeT0exzf0JY5kLosKT0XdklGHyuOpOlid+kyEJXTgLZBkpBW9Ee4Qu9NzTvaBM +Et8bM7d9pj56e6i+ybMYAOm9eM8wP6aUGrSmMlm1d1k2X4PiwyrLui7pJ/2oRgqX +DGwGXEi4dEjyrXMPAjqFTKJUzYG5+DkmUohD4WBD+SYyZnxeLhu5AJDsQlBA+cRn +yluy6ohCr2Pp+32bIVzYZzl6uTT+WcIuY7d8eF8c/9lvG63rCHn10xOC5/En+CCX +bjCP2l0XBMaoC1EXeakoeoIsp0uyOzKVz2eciL+wVSZ2+Iq3US20JEFsZXhleSBT +b2tvbG92IDxhbGV4ZXlAYXNva29sb3Yub3JnPokCQQQTAQIAKwIbAwYLCQgHAwIG +FQgCCQoLBBYCAwECHgECF4ACGQEFAlhytLAFCQ9brdAACgkQWuQgzAIJmJ7Xmg/9 +EZexxioWUbpNMBUbXMLjPWQXxyV+/53nDGnl8WJWvPStIbubulratXRJtL8J8C1t +uTMgSP85bRsnUxv1ETOwg7esET13LR3sqDDWIzvqFiiupNBh3CI54Ub761JsZBCk +rtiKjg6EDwOK3hCCaQt3RdATeLAF/Qxok8WAHEgWhCd0sjSlhMyqTiMvFpod678A +WYoOjPbb3Vc+pdl7qC0hBaIwKgjnW3eowjoSWDg8VyUSb1vtwXyknKHZ1ZmzOjjx +TRE1Rw69NQMzJCEMZaF1L5JdolQbS4dm27NRN1Fd5hgXhfe7doq/FLd/f8sgNvIL +UctdzpI3HNmN5QXH2xaDkY3fFc2e+8qHK6wPOX2IKMBTBXwnXFxJIQcDXEImVo8U +1sZtiABan2Yfec0mnVO/ofiYrR7z5hrFnUfuTUs3XUWUmJSqzPmf43zbRbTndhlL +nLdHiRz35+cFhleh1mDgFbFRQCtA7a7NF0CIcAWZxFe6WtcTb83J4Dq+6tsO01hS +9b3npYAjV6pB2nQJAlDH4a9YOZB/fY//Lc00kt8UnTV1NFw3usUBaSq5wIgB3IvS +RA38FHd+yH05R79nvZUkjtyHiE9znUbehBIJjtB//A3e6Bga9i91ebQBaN/MLa8c +zbOjP641cLe41/WEDsHe+qP4oNunjJ3bHBvw5F+0RYW0K0FsZXhleSBTb2tvbG92 +IDxhbGV4ZXlAYWxleGV5c29rb2xvdi5jby5jYz6JAh8EMAEIAAkFAlZoQfoCHSAA +CgkQWuQgzAIJmJ5F0A//VLE/Eg2RzIA1u6bj2F/+q3vVxZGh27druc70/lyERHvF +zuEpwedWJY9hn8QW8hfoSEf+KF5FR7DQ31l5072en6G4k8uNrVhwWXdraNMV+FoF +jiFbUPhWu09tHiyqtuPrxVnibPXWqZ66/gta1gbc+5jxm0MA+13czka3DOm26/Vg +2IIt6GCGM4nUaBSC2iifbVH/FbxHc7KlzK+itdqigp5Ij2qg1tRY/W6t5zFuiiax +YE6ni9sUljRz/nO+rk5I/ZcTy69rtVmy0z3we58jsxkzDs1SSJ6Qw3gjcMdsmllu +FFGMm3X6P1X23pjJ7aPzVMkmD5BQEKKGm/Od184i/VGm6a2tai4eHvIn8/VBSNu2 +PqNpCXmL0GnO2d869hXqtVd5EqegaHVEaSLnyqKnxU6Fgnf33epvhkfJ6mdFmnHF +7RFr/VuGnWRHnkT9ZtGUazBAywv041tIqUMcw22ER2exRei5n/cS9FOfqM7EqfO4 +BKm8RAjtJUzHB7ha/MRj6hQLsBf8mpNZJWKLhOzuvqveTljuGaD6xfTvxZ8zxCRO +dZrer5VvQkkV35V+e4nJGRAy4Mn0g38C8VF+BbvzIa0Noes3ZJ36Nt/Xuvy+wL4E +fmBvxLtEs/DFAiTCwX9NAujjDVXlTA81A/Ig7/vpD+g+F2EN9MjtUBTdPod6Gyq0 +LkFsZXhleSBTb2tvbG92IChaTkMpIDxhbGV4ZXkrem5jQGFzb2tvbG92Lm9yZz6J +Aj8EEwECACkCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUCWHK0tAUJD1ut +0AAKCRBa5CDMAgmYniG7D/9C3eM//ZX7O4e4tPdgFQqA8CX286dISnN74Lq0451P +xw5MpbJvC8sEDcBg3EdGngRF6W8GRQnMHZKhqrVZn/LbzcE1b+CxyjmCT4xXWOJ1 +0vUgaJkJNQGg3VLl4ImhWgRX16jX+poKa85NsbVWm0zl2U9ZxOfQIh+TCQizju7L +6fK6knYG3rw51YWLWJ268KgxsGgovMVF4e/g6vaFVwZCmhREL9nq8/tDcMJnnwtt +sAdWHT5axRJOHru3oroatyjnQygsoboMe9ScKC+VZSt27l6fsF6bfct6sqIahW1U +hV/MajWF/PjdcQBg+BUE/jMzmiB2modl1savr0/O4wjvnRHQjmh5U2VVwJ4YMGVo +y6TTurEL0POialzIMqLhrGtqv1bIefk7d4FAqGg97gX1HsBOKKWhmXzdBMgR0ueK +lwjlbYEETya9XvQ2gDQS8Fa0G+RbbXesJLChl07O32ujfzkUlzJnaGSS8l3gV328 +g7+PT5iu9ZBQlLl+X+EGhDhhb/qRKBf0eUHIFmDvVBQ/FTW3SkeKuR4wgQ6z8Sfr +dyS/Dc9yQKNz7wXsUEzYhLV5eNdBrbFcUOHqXfc/LYzMXGKL78fNUFuZLxs7lw8p +fb6dNBZ8DqsgbMmCXiboNI+J1IUSLhaXYMlW7mLpq17+U8BpfY/QUVzNgN3lrnJH +yLkCDQROuqFgARAAprAiO4ddX7PCYekdLhCmpTl6FQRsM9pfObBOjeenMeZ9R0jA +IiaaoNkAIHQjZFlcUDezzjzoegGqhy/Hf8Zk4rwJ9ypfg4tjKdWtnWPG4NjXMjXV +vyiaGFl9JwOLV3tXhcLRHRkl8RKE1Sl5ez3SJ7cw3NbEgeJ2esRHjcFULQbQpg4I +ND6ati/vUOKmP9v/ocpwuUL/2yBZzwPETc6/jeK5MZPtxWBD6zoyoCFmo/0SEORF +IyUoNQsev5+AtNowQ4ERXhYPBbJkkbrk2usQZDlSaqAcDg3xu4Ln5ft26CT8BJhr +R6l4WiqPrR9Q92e+Mo/mC+UKL4cmUZeOGX1f9z1niNNjKAhwgjPFAwiahLf5WVmR +V0mbTeD2mdnJXBam9UYo8WaagmJZYQ4Gk+Vk8akWnO2EUP3baUFsN80wAUlsKIWX +A7By19A80CiSMrhCkIlgCJY1U9+WWJShGybKv4YuYuizNi8zHOiWIKzulXRtkpHl +XcKaoYdQz3hv5iPOr+SNSDo3IKLuuNhEAtOreTkuvjASz3X0etGjAqbv8jOCBSH3 +PlNB4BEwdGY5KAEZdARXPm2cv50PW1oamO7B1+ZXaPGM6iH7bZqFaGyBIrBSetnz +QyaEuTx4ES858atajsEe+74h1Mkhy3zjqdDFkznKNmiMtK3ea2sZCcnqM6EAEQEA +AYkCJQQYAQIADwIbDAUCWHK01wUJD1ut9wAKCRBa5CDMAgmYnsJaD/0dOb3gYBHX +P+Sdh/QeH3UhaIQgKvBqFkQs5xXV11aQ3GYlqe2FSMXfqSYx2LLUmonxsLSw8bQb +HbaQgs2/innLpghTea9Pu1aJYmDa85RFi4vruhht8k7k9fdJLY+L3r6+uL0o463I +MZZhBFitBpvCabJUw0DUv0ZUp6FfuRA99VwYXy+MbtY6+EqdcF3t/pmiYOcXWPEt +hJAeJ2zwxF+8dA/uvXjfVyb6NAbMuYyHYzaZmCYW+Bz3+LS8ct3QDOqi2L0cj3vb +pLcOQD2WzS1tMqx4o8GzVCn0W0246y3rMURYBrd/4wGpSLogbyPk/HbUH+UqVmrO +HeVXUp88oP91o/nU+8zP5y02Yc3JqllqT8275m1w3NuSwaTa6PiHCmT542OfpBNp +PuhQ7IPPmwK5unOgFtQH8EydnMopuQjQeNHgrFKmfifn2++aTYnUdOV16qVy4oEv +aBjF+RqFDkTtSbB4ji72JCpEAtiXStouSWU9K8eIi+Su5J31/jBJV8xyf+MZ3aAE +By3K3LSty7l4Ie7XqsMD8HMxXUQUj7rUEoysw1YZALeEIR7mzEW5+go+Lq/F71RP +GcrDrdtKA5xNJZpoOB2IgS2ZBTlrjOdu9QGX8sZdr9I5SNsATtmOvlYHCsKiasQj +yyIpbKrNT4ugmrTrkOXU85APrub821Rp+g== +=HB3n +-----END PGP PUBLIC KEY BLOCK----- diff --git a/znc.spec b/znc.spec index 815df07..185b2a2 100644 --- a/znc.spec +++ b/znc.spec @@ -20,12 +20,15 @@ Group: System Environment/Daemons License: ASL 2.0 URL: https://znc.in Source0: %{url}/releases/%{name}-%{version}.tar.gz +Source1: %{url}/releases/%{name}-%{version}.tar.gz.sig +Source2: gpgkey-5AE420CC0209989E.asc BuildRequires: automake BuildRequires: c-ares-devel BuildRequires: cyrus-sasl-devel BuildRequires: gcc-c++ BuildRequires: gettext-devel +BuildRequires: gnupg2 BuildRequires: libicu-devel BuildRequires: openssl-devel >= 0.9.8 BuildRequires: perl(ExtUtils::Embed) @@ -111,6 +114,13 @@ python3 module for ZNC %prep +# Verify GPG signature +gpghome="$(mktemp -qd)" # Ensure we don't use any existing gpg keyrings +key="%{SOURCE2}" +gpg2 --dearmor --quiet --batch --yes $key >/dev/null +gpgv2 --homedir "$gpghome" --quiet --keyring $key.gpg %{SOURCE1} %{SOURCE0} +rm -rf "$gpghome" $key.gpg # Cleanup tmp gpg home dir and dearmored key + %autosetup -p1 @@ -251,6 +261,7 @@ getent passwd znc >/dev/null || \ - Remove cruft from %%prep - Use %%autosetup, %%make_build, and %%make_install macros - Use https for URL and SOURCE tags +- Check upstream GPG signature in %%prep * Mon Jul 23 2018 Nick Bebout - 1.7.1-2 - Add gcc-c++ and redhat-rpm-config to znc-devel's dependencies