commit suse-build-key for openSUSE:Factory

[h_root]

Hello community,

here is the log from the commit of package suse-build-key for openSUSE:Factory 
checked in at 2014-01-10 07:16:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old)
 and      /work/SRC/openSUSE:Factory/.suse-build-key.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "suse-build-key"

Changes:
--------
--- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes    
2013-09-29 19:29:00.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.suse-build-key.new/suse-build-key.changes       
2014-01-10 07:16:28.000000000 +0100
@@ -1,0 +2,15 @@
+Thu Jan  9 12:29:53 UTC 2014 - meiss...@suse.com
+
+- Merged over logic from openSUSE-build-key.
+- Got rid of default importing into roots keyring.
+- Removed some old keys.
+- Clarify that secur...@suse.de is a email only key
+- PTF key is supplied also as %doc, to not be default
+  imported.
+- Keys currently inside:
+  - pub  2048R/39DB7C82 SuSE Package Signing Key <bu...@suse.de>
+  - pub  2048R/50A3DD1C SuSE Package Signing Key (reserve key) <bu...@suse.de>
+  - pub  1024D/B37B98A9 SUSE PTF Signing Key <supp...@suse.com>
+  - pub  2048R/3D25D3D9 SuSE Security Team <secur...@suse.de>
+
+-------------------------------------------------------------------

Old:
----
  suse-build-key.gpg

New:
----
  gpg-pubkey-39db7c82-510a966b.asc
  gpg-pubkey-50a3dd1c-50f35137.asc
  security_at_suse_de.asc
  suse_ptf_key.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ suse-build-key.spec ++++++
--- /var/tmp/diff_new_pack.24HXkd/_old  2014-01-10 07:16:29.000000000 +0100
+++ /var/tmp/diff_new_pack.24HXkd/_new  2014-01-10 07:16:29.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package suse-build-key
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,106 +24,64 @@
 Summary:        The public gpg key for rpm package signature verification
 License:        GPL-2.0+
 Group:          System/Packages
-Version:        1.0
-Release:        907.<RELEASE42>
-Source0:        suse-build-key.gpg
-Source1:        dumpsigs
+Version:        12.0
+Release:        0
+# pub  2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <bu...@suse.de>
+# The main package signing key.
+Source0:        gpg-pubkey-39db7c82-510a966b.asc
+# pub  2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) 
<bu...@suse.de>
+# Fallback key if main key gets lost.
+Source1:        gpg-pubkey-50a3dd1c-50f35137.asc
+
+# pub  1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <supp...@suse.com>
+# SUSE supplied PTF (program temporary fixes) are signed by this key.
+# supplied to be not imported by default
+Source98:       suse_ptf_key.asc
+
+# pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <secur...@suse.de>
+# secur...@suse.de communication key.
+# Only used for E-Mail encryption and signing to/from secur...@suse.de.
+Source99:       security_at_suse_de.asc
+
+Source100:      dumpsigs
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
-%define pubring  usr/lib/rpm/gnupg/pubring.gpg
-%define susering usr/lib/rpm/gnupg/suse-build-key.gpg
+%define keydir  %{_prefix}/lib/rpm/gnupg/keys
 PreReq:         sh-utils gpg fileutils mktemp
 
 %description
-This package contains the gpg key that is used to sign official SuSE
-rpm packages. It will be installed as a keyring in
-/usr/lib/rpm/gnupg/pubring.gpg. Administrators who wish to add their
-own keys to verify against should use the following commandline command
-to add the key to the keyring as used by RPM:
-
-gpg --no-options --no-default-keyring \ --keyring
-/usr/lib/rpm/gnupg/pubring.gpg --import
+This package contains the gpg keys that are used to sign the
+SUSE rpm packages. The keys installed here are not actually
+used by anything. rpm/zypper use the keys in the rpm db instead.
 
 
 
 %prep
-rm -f foobarnosuchfileordirectory
-#%setup
+%setup -qcT
 
 %build
+cp %SOURCE98 .
+cp %SOURCE99 .
 
 %install
 rm -rf $RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
-install %{SOURCE0} $RPM_BUILD_ROOT/%{susering}
-install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
-mkdir keys
-cd keys
-$RPM_BUILD_ROOT/usr/lib/rpm/gnupg/dumpsigs $RPM_BUILD_ROOT/%{susering}
-cd ..
-cp -a keys $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
-
-touch $RPM_BUILD_ROOT/%{pubring}
-touch $RPM_BUILD_ROOT/%{pubring}~
+mkdir -p $RPM_BUILD_ROOT%{keydir}
+for i in %sources; do
+    case "$i" in
+        */gpg-pubkey-*.asc)
+        install -m 644 "$i" $RPM_BUILD_ROOT%{keydir}
+        ;;
+    esac
+done
+install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
 
 %files
 %defattr(644,root,root)
-%attr(755,root,root) %dir /usr/lib/rpm/gnupg
-%attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs
-/usr/lib/rpm/gnupg/keys
-%config /%{susering}
-%ghost /%{pubring}
-%ghost /%{pubring}~
-
-%post
-if [ ! -f %{pubring} ]; then
-    touch %{pubring}
-fi
-echo -n "importing SuSE build key to rpm keyring... "
-TF=`mktemp /tmp/gpg.XXXXXX`
-if [ -z "$TF" ]; then
-  echo "suse-build-key::post: cannot make temporary file. Fatal error."
-  exit 20
-fi
-if [ -z "$HOME" ]; then
-  HOME=/root
-  export HOME
-fi
-if [ ! -d "$HOME" ]; then
-  mkdir "$HOME"
-fi
-gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
-# no kidding... gpg won't initialize correctly without being called twice.
-gpg < /dev/null > /dev/null 2>&1 || true
-gpg < /dev/null > /dev/null 2>&1 || true
-gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
-         --keyring %{susering}    --export -a > $TF 
-a="$?"
-gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
-         --keyring %{pubring}   --import < $TF
-b="$?"
-rm -f "$TF"
-if [ "$a" = 0 -a "$b" = 0 ]; then
-    echo "done."
-else
-    echo "importing the key from the file %{susering}"
-    echo "returned an error. This should not happen. It may not be possible"
-    echo "to properly verify the authenticity of rpm packages from SuSE 
sources."
-    echo "The keyring containing the SuSE rpm package signing key can be found"
-    echo "in the root directory of the first CD (DVD) of your SuSE product."
-    exit -1
-fi
-### import suse package build key to roots gpg keyring
-if test -f root/.gnupg/pubring.gpg ; then
-   chroot . usr/bin/gpg --export --armor --no-default-keyring \
-                   --keyring %{susering} bu...@suse.de \
-        | chroot . usr/bin/gpg --import || true
-   if ! chroot . usr/bin/gpg --list-keys bu...@suse.de >/dev/null 2>&1 ; then
-      echo "gpg import for bu...@suse.de failed, please import manually" >&2
-   fi
-else
-   cp %{susering} root/.gnupg/pubring.gpg
-fi
-chmod 600 root/.gnupg/pubring.gpg
+%doc security_at_suse_de.asc suse_ptf_key.asc
+%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
+%attr(755,root,root) %dir %{keydir}
+%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
+%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
+%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
 
 %changelog

++++++ gpg-pubkey-39db7c82-510a966b.asc ++++++
70AF9E8139DB7C82 SuSE Package Signing Key <bu...@suse.de>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)

mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp
YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY
91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma
hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9
vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8
L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT
aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYFAlEKlmsCGwMFCQeE
zgAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBwr56BOdt8gomGCAC13Pi60I6O
8GJ03BQrmVyyJrDcwJxxqw0HmIENf3rDLMYTBuduM3mNm5Fy2Gl2IuWD9mHvckQs
0xa+A7mAwHXhIXWFCrZWyRH16w93BzjjLGiMMKimE8mg4XcaRL1FJhxGqq7FpLga
XpQofkw0yFcavuubETpDR3w4qiRVsNKq4RM00pMCpTpJDWamFJm/oOUmBE45Q071
v9C4oQHPsBNK/yMtlRssel815Xx4lbJIpKAg4BRtyBHWCzH/gVRGhYA8xDs/DEvu
Z9mswBdniP+K1XSkr+NtxFvtkAy/C2Q2qk3sqpCMOt3MDGTyBgqIoplE/4XRCis9
d7b1v1zv4/hN
=sQXd
-----END PGP PUBLIC KEY BLOCK-----
++++++ gpg-pubkey-50a3dd1c-50f35137.asc ++++++
5EAF444450A3DD1C SuSE Package Signing Key (reserve key) <bu...@suse.de>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)

mQENBFDzUTcBCADQ3p9ch1aR6cBqL+O7UNO+zFNTI5WxLf4tegWP8uuxK5tJTgXO
tjnwWmWIaijO6yfCtlBu8hD2Zp9sMenDY42yM5/uII0RpszqzqwwK5onnjGcSkWZ
8jAAn+mtLIJvCLCwTqwEM4mTdTZROtCnttHXZr4GFrqpeAh+SKEWIoMF66N1FSb6
S0evzYw3ryjbFY0pial9/hqqnsTWCNHzE1Up7qdNIPxDV8UGyUzm70/xMMjJSIkB
aGpRdhILfZgyH6Ajhm7VCPPzW/BO30RSjHDnyo3hR39jE+KxvdgqTz+AthK5z+p2
mwQ+ohTAo4dGb0lyZYFpXD7ucEl9w1ygzUe/ABEBAAG0NlN1U0UgUGFja2FnZSBT
aWduaW5nIEtleSAocmVzZXJ2ZSBrZXkpIDxidWlsZEBzdXNlLmRlPokBPAQTAQIA
JgUCUPNRNwIbAwUJB4TOAAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEF6vRERQ
o90cr+kH/RwB21ma7cQvZ1lHvgcOTuM7Ttqq6x7uuFFDXCIdmbDHv1ocQI5Z3VCb
/7w+J8ZcBwNcr7i9Qsayu7umCILEOO8pNn/SlJVz6Kr6j6L8oAC3XHbXYrHacwMR
y9jQPCDqP7WZduRgEW2VWnIoNp6p/DAj724EmfLzURwLG1QKiLnOLtpygzyquk3S
gPGqgro+hCWX/VWgtBEKd33mgvwCBGjIe86VMvLCgtggyoBWDXYvsQMBO62fnk5w
Btwum/m8VPhWhcrbUK60ZsHbdwfmsBOKxewf2vIuKUcqJnIYCfsuBgx9xUxiNlGR
BVJIlG17h0jlRbEuuRez2397vU8Zw08=
=SfX3
-----END PGP PUBLIC KEY BLOCK-----
++++++ security_at_suse_de.asc ++++++
77B2E6003D25D3D9 SuSE Security Team <secur...@suse.de>

The block below contains the public key of the SUSE Security team.
It's used to sign security advisories and other imporant
announcents concerning the distribution. To be able to verify
signatures made with that key you need to import this file into your
keyring using the following command:

gpg --import security_at_suse_de.asc

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.16 (GNU/Linux)

mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYK
=m7kg
-----END PGP PUBLIC KEY BLOCK-----
++++++ suse_ptf_key.asc ++++++
6C74CE73B37B98A9 SUSE PTF Signing Key <supp...@suse.com>

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.19 (GNU/Linux)

mQGiBEKCDxcRBAC8XEA/xoFsF6c9QHU0aA3JBCQC3Jhpdv1+YzZOHDaSUziQ2ZL8
12pt5oMg7qE0i5j0+zwL/0TUi4W8tar86a9gxRHzWgSkTiz4H2MvXSy5Qrnu1+Ho
MCAWMEL4s2JftKVu0XFRuT4nNHVi80JZxRzmF2EBLvtz7jrRHT/N/5A4FwCg+PE1
wR2NC89ux+VfxoR8UzQu4wUD/2ZBslJyLYE6rpUFYHceSK3gOlPSIlCn3OYlVDY3
AgYsqYH5gEOHxQeqigukk+tffyHIr5wdzTgTrPeL7v+TpgVHuRRuw7Dl9oi1PyoW
/PzNPjNSlXQCLUocY/ctCjre+WxjiewDPqmYVYS8Ie2DZMTFJ4w27mazfTJYgcPl
mmwqA/oDFSaXdRl0csqWi6XvjbUJKSVlDc8IuulB1IRLNk94+xKoDtC2xxp8zEVB
xBqmbT6pM1k3+KVzGL7oSHl4uMqzOkbRfKgKL/6ahJnLAGJPfPdFeIyGmvWDG915
TE8oMesJq/MSaohxdJ6dywkhjd19Cbdts02scIfSu5yzMXHCm7QnU1VTRSBQVEYg
U2lnbmluZyBLZXkgPHN1cHBvcnRAc3VzZS5jb20+iGIEExECACICGwMECwcDAgMV
AgMDFgIBAh4BAheABQJL4BoaBQkQ4tkDAAoJEGx0znOze5ipiDoAn0YH3g6kFZfO
BcxASwMft1iuWVT5AKCQFQ1deyNwXvo+eCH/dGpt5nj1d7kBDQRCgg8ZEAQAkwPg
vF3r+7NNqgJyiW4w5yGXgu5H4Kmd9wXAT6sUOPU+4GRJJep0dUxHgdis2BboBDlO
YVWE061pua8Ut6mA5Rx0/KOCeTL3SJtXMcknop/4fSLfnPN0/bsbALAN7RtmEJnV
QXba7C/jY04J2p0wtWfF9Zh2/O0EaPmiVjkakHMAAwUD/0T/fMgYwD1ROk1aB7KW
0bcro2hYfXCPTZtpZI6qfRbwKr8SQ6wSSWRi+p1hrtY6SBSNqw3mW4K42bPewanI
KdGc9mDt2ecQK5TAScL6VKwPvR0LK5GXJsYZjm1/uf4dWAfoy5T8jqObjL+uavtd
RKcJVbquhZwMeAeOqiPaCFMliEwEGBECAAwFAkvgGiYFCRDi2Q0ACgkQbHTOc7N7
mKndUgCfUmb1pAbgOJ3axZbe9HSwAb/BxlEAoKriKwSDH8XsRPQSp493OfB5UDpP
=GBuj
-----END PGP PUBLIC KEY BLOCK-----
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org