Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openSUSE-build-key for openSUSE:Factory checked in at 2024-03-13 22:16:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openSUSE-build-key (Old) and /work/SRC/openSUSE:Factory/.openSUSE-build-key.new.1770 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openSUSE-build-key" Wed Mar 13 22:16:16 2024 rev:40 rq:1155499 version:1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/openSUSE-build-key/openSUSE-build-key.changes 2023-05-26 20:14:16.527834214 +0200 +++ /work/SRC/openSUSE:Factory/.openSUSE-build-key.new.1770/openSUSE-build-key.changes 2024-03-13 22:16:35.623890656 +0100 @@ -1,0 +2,19 @@ +Wed Mar 6 09:34:52 UTC 2024 - Marcus Meissner <[email protected]> + +- add unexpired openSUSE zSystems key (bsc#1220993) + - replace gpg-pubkey-f6ab3975-5edd7d4f.asc + - by gpg-pubkey-f6ab3975-62e9e6fb.asc + +------------------------------------------------------------------- +Mon Feb 19 12:30:15 UTC 2024 - Marcus Meissner <[email protected]> + +- added new suse container key, moved the old one to -old + +------------------------------------------------------------------- +Tue Jun 6 14:59:18 UTC 2023 - Marcus Meissner <[email protected]> + +- openSUSE-build-key-import.service,openSUSE-build-key-import.service.timer, + import-openSUSE-build-key: + Add systemd timer and service framework that imports new keys. + +------------------------------------------------------------------- Old: ---- gpg-pubkey-f6ab3975-5edd7d4f.asc New: ---- build-container-8fd6c337-63c94b45.asc build-container-8fd6c337-63c94b45.pem gpg-pubkey-f6ab3975-62e9e6fb.asc import-openSUSE-build-key openSUSE-build-key-import.service openSUSE-build-key-import.timer ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openSUSE-build-key.spec ++++++ --- /var/tmp/diff_new_pack.7qWF1t/_old 2024-03-13 22:16:36.287915084 +0100 +++ /var/tmp/diff_new_pack.7qWF1t/_new 2024-03-13 22:16:36.291915232 +0100 @@ -1,7 +1,7 @@ # # spec file for package openSUSE-build-key # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -44,7 +44,7 @@ Source3: gpg-pubkey-697ba1e5-5c755904.asc # zSystems -Source5: gpg-pubkey-f6ab3975-5edd7d4f.asc +Source5: gpg-pubkey-f6ab3975-62e9e6fb.asc # PowerPC Source6: gpg-pubkey-8ede3e07-5c755f3a.asc @@ -63,10 +63,23 @@ Source12: build-container-202304-d684afec-64390cff.pem Source13: build-container-202304-d684afec-64390cff.asc +# 2023 Container key SUSE in PEM and GPG formats +Source14: build-container-8fd6c337-63c94b45.pem +Source15: build-container-8fd6c337-63c94b45.asc + + Source98: security_at_suse_de.asc + +# Auto Import handling via systemd timer + service. +# Needed in Leap currently, but also have it here. +Source101: import-openSUSE-build-key +Source102: %name-import.service +Source103: %name-import.timer + BuildRequires: gpg Conflicts: suse-build-key Provides: build-key = %{version} +BuildRequires: systemd-rpm-macros # Old 1024 bit RSA key for SLE11. Obsoletes: gpg-pubkey = 307e3d54-5aaa90a5 @@ -115,10 +128,12 @@ done mkdir -p %{buildroot}%{containerkeydir}/ install -c -m 644 %{SOURCE7} %{buildroot}%{containerkeydir}/opensuse-container-key.asc -install -c -m 644 %{SOURCE8} %{buildroot}%{containerkeydir}/suse-container-key.asc +install -c -m 644 %{SOURCE8} %{buildroot}%{containerkeydir}/suse-container-key-old.asc +install -c -m 644 %{SOURCE15} %{buildroot}%{containerkeydir}/suse-container-key.asc install -c -m 644 %{SOURCE13} %{buildroot}%{containerkeydir}/opensuse-container-key-2023.asc mkdir -p %{buildroot}%{pemcontainerkeydir}/ -install -c -m 644 %{SOURCE11} %{buildroot}%{pemcontainerkeydir}/suse-container-key.pem +install -c -m 644 %{SOURCE14} %{buildroot}%{pemcontainerkeydir}/suse-container-key.pem +install -c -m 644 %{SOURCE11} %{buildroot}%{pemcontainerkeydir}/suse-container-key-old.pem install -c -m 644 %{SOURCE12} %{buildroot}%{pemcontainerkeydir}/opensuse-container-key-2023.pem if [ -e "%_sourcedir/_pubkey" ]; then name="$(sh %{SOURCE0} %_sourcedir/_pubkey).asc" @@ -127,6 +142,27 @@ fi fi +mkdir -p $RPM_BUILD_ROOT/usr/bin/ +mkdir -p $RPM_BUILD_ROOT/var/lib/%name +install -m 755 %{SOURCE101} $RPM_BUILD_ROOT/usr/bin/import-%name +mkdir -p $RPM_BUILD_ROOT/%_unitdir +install -m 644 %{SOURCE102} $RPM_BUILD_ROOT/%_unitdir/ +install -m 644 %{SOURCE103} $RPM_BUILD_ROOT/%_unitdir/ + +%post +touch /var/lib/%{name}/imported +%service_add_post openSUSE-build-key-import.service openSUSE-build-key-import.timer +test -x /usr/bin/systemctl && systemctl enable openSUSE-build-key-import.timer && systemctl start openSUSE-build-key-import.timer || true + +%pre +%service_add_pre openSUSE-build-key-import.service openSUSE-build-key-import.timer + +%preun +%service_del_preun openSUSE-build-key-import.service openSUSE-build-key-import.timer + +%postun +%service_del_postun openSUSE-build-key-import.service openSUSE-build-key-import.timer + %files %defattr(644,root,root) %doc security_at_suse_de.asc @@ -138,7 +174,14 @@ %{keydir}/gpg-pubkey-*.asc %{containerkeydir}/opensuse-container-key.asc %{containerkeydir}/suse-container-key.asc +%{containerkeydir}/suse-container-key-old.asc %{containerkeydir}/opensuse-container-key-2023.asc %{pemcontainerkeydir}/suse-container-key.pem +%{pemcontainerkeydir}/suse-container-key-old.pem +%attr(755,root,root) %_bindir/import-%name %{pemcontainerkeydir}/opensuse-container-key-2023.pem +%dir /var/lib/%{name} +%ghost /var/lib/%{name}/imported +%_unitdir/%name-import.service +%_unitdir/%name-import.timer ++++++ build-container-8fd6c337-63c94b45.pem ++++++ -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxfZssLE2jeY1swPb5WGe 8C/FWKmIxlGLm9amCNdgheAn8RzuM8slA+TJefAQnrUnC4Qn9ykjQZjH6o2e2ueA KFdgOdHnlS2d6lETB8dd4O8HYDJx0CEk2SCbAKVuzLbcbP4ug/QDc+Bm8ldxfc+D GnLVRAt85brSTnfgOHY1PbQ1JAV+ByibbjCZuFmw4gIkMzeiy3M4wJZwblFM4a3s X2bW/6GWaGz6AMOjCyAPI6shyG5wHZM7OvJJ8lfhXRTZo4Cc5qC0Nyq9Xu3O6DmV opIajhHc36kdcetmd7TB5OSbQZCLyReAF75LV74y8960+44NptR62hdw1ovCJMfV mU6m+k/MsN8AIyRFR6dNF9wTOKi67OpPtybiRufCfMvD4VEeoINzEJytToq2XGSc +hIxtmPOhqDKHH0As113sjTqqo20Ik233x9FFeTFD8Or7ahpqjiv5YCufk9AoQbC xMIjrK9RkQYgW4RycgvXGASobwN8EE+OsMcyMUER/pdCtQhTQCc1jYLt85VhfEkC 4k9szMB8eZrdV9re/Ku6vnCeXRR5yn2NWKO88U4HfxEpJv5s2uFJi37+x/v9w7Uh +864W/9NexXg/JFNsvh0Kmxsbi3ZegaouLyrMCHwSA3ByBZ2yCf2VuFPyUCNEZOH Owi0oc9TgY1yopjsTneyGaMCAwEAAQ== -----END PUBLIC KEY----- ++++++ import-openSUSE-build-key ++++++ #!/bin/bash # triggerfile=/var/lib/openSUSE-build-key/imported # if zypp is running we will get into lock conflicts, and zypper might die # unexpectedly. if [ -s /run/zypp.pid ]; then exit 0 fi # first remove trigger file rm -f $triggerfile # The import might fail if something has locked the RPM database. in that case we retry again on next boot or so. # Example here is from SLES, but we can use it for openSUSE when needed: # Upcoming SLES 15 4096 bit RSA key #if test -f /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc; then # rpm -q gpg-pubkey-3fa1d6ce > /dev/null || # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc || touch $triggerfile #fi #if test -f /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc; then # rpm -q gpg-pubkey-d588dc46 > /dev/null || # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc || touch $triggerfile #fi # if we have finished import, disable and stop the timer. if [ ! -f $triggerfile -a -x /usr/bin/systemctl ] ; then systemctl stop suse-build-key-import.timer systemctl disable suse-build-key-import.timer fi ++++++ openSUSE-build-key-import.service ++++++ [Unit] Description=Service to import new GPG Keys into RPM database After=local-fs.service [Service] Type=oneshot ExecStart=/usr/sbin/import-openSUSE-build-key [Install] WantedBy=multi-user.target ++++++ openSUSE-build-key-import.timer ++++++ [Unit] Description=Timer that starts importing new GPG keys into RPM Database. [Timer] OnUnitActiveSec=5min [Install] WantedBy=timers.target
