Hello community, here is the log from the commit of package openSUSE-build-key for openSUSE:Factory checked in at 2011-10-24 12:51:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openSUSE-build-key (Old) and /work/SRC/openSUSE:Factory/.openSUSE-build-key.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openSUSE-build-key", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/openSUSE-build-key/openSUSE-build-key.changes 2011-09-23 02:15:10.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openSUSE-build-key.new/openSUSE-build-key.changes 2011-10-24 14:00:02.000000000 +0200 @@ -1,0 +2,6 @@ +Fri Oct 21 12:21:04 UTC 2011 - [email protected] + +- remove no longer used keys from (bnc#724625) +- clean up packaging for easier maintenance + +------------------------------------------------------------------- Old: ---- openSUSE-build-key.gpg New: ---- gpg-pubkey-307e3d54-4be01a65.asc gpg-pubkey-3d25d3d9-36e12d04.asc gpg-pubkey-3dbdc284-4be1884d.asc gpg-pubkey-56b4177a-4be18cab.asc gpg-pubkey-9c800aca-4be01999.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openSUSE-build-key.spec ++++++ --- /var/tmp/diff_new_pack.AeVDuO/_old 2011-10-24 14:00:04.000000000 +0200 +++ /var/tmp/diff_new_pack.AeVDuO/_new 2011-10-24 14:00:04.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package openSUSE-build-key (Version 1.0) +# spec file for package openSUSE-build-key # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,12 +29,17 @@ Summary: The public gpg key for rpm package signature verification Version: 1.0 Release: 4 -Source0: openSUSE-build-key.gpg -Source1: dumpsigs +Source0: gpg-pubkey-307e3d54-4be01a65.asc +Source1: gpg-pubkey-3d25d3d9-36e12d04.asc +Source2: gpg-pubkey-3dbdc284-4be1884d.asc +Source3: gpg-pubkey-56b4177a-4be18cab.asc +Source4: gpg-pubkey-9c800aca-4be01999.asc +Source100: dumpsigs BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %define pubring usr/lib/rpm/gnupg/pubring.gpg %define susering usr/lib/rpm/gnupg/suse-build-key.gpg +%define keydir usr/lib/rpm/gnupg/keys PreReq: sh-utils gpg fileutils mktemp %description @@ -50,16 +55,19 @@ %prep -rm -f foobarnosuchfileordirectory -#%setup %build %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/usr/lib/rpm/gnupg -install %{SOURCE0} $RPM_BUILD_ROOT/%{susering} -install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg +install -d -m 755 $RPM_BUILD_ROOT/%{keydir} +for i in %sources; do + case "$i" in + *.asc) install -m 644 "$i" $RPM_BUILD_ROOT/%{keydir};; + esac +done +install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg touch $RPM_BUILD_ROOT/%{pubring} touch $RPM_BUILD_ROOT/%{pubring}~ @@ -67,7 +75,7 @@ %defattr(644,root,root) %attr(755,root,root) %dir /usr/lib/rpm/gnupg %attr(755,root,root) /usr/lib/rpm/gnupg/dumpsigs -%config /%{susering} +/%keydir %ghost /%{pubring} %ghost /%{pubring}~ @@ -75,12 +83,7 @@ if [ ! -f %{pubring} ]; then touch %{pubring} fi -echo -n "importing SuSE build key to rpm keyring... " -TF=`mktemp /tmp/gpg.XXXXXX` -if [ -z "$TF" ]; then - echo "suse-build-key::post: cannot make temporary file. Fatal error." - exit 20 -fi +echo -n "importing SUSE keys to rpm keyring... " if [ -z "$HOME" ]; then HOME=/root fi @@ -91,34 +94,32 @@ # no kidding... gpg won't initialize correctly without being called twice. gpg < /dev/null > /dev/null 2>&1 || true gpg < /dev/null > /dev/null 2>&1 || true -gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ - --keyring %{susering} --export -a > $TF -a="$?" -gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ - --keyring %{pubring} --import < $TF -b="$?" -rm -f "$TF" -if [ "$a" = 0 -a "$b" = 0 ]; then +# +failed=0 +for i in %keydir/*.asc; do + gpg -q --batch --no-options \ + --no-permission-warning \ + --no-default-keyring \ + --keyring=/%{pubring} \ + --import \ + "$i" || failed=1 +done +if [ "$failed" = 0 ]; then echo "done." else - echo "importing the key from the file %{susering}" + echo "importing one of the gpg keys in %keydir" echo "returned an error. This should not happen. It may not be possible" - echo "to properly verify the authenticity of rpm packages from SuSE sources." - echo "The keyring containing the SuSE rpm package signing key can be found" - echo "in the root directory of the first CD (DVD) of your SuSE product." + echo "to properly verify the authenticity of rpm packages from SUSE sources." + echo "The keyring containing the SUSE rpm package signing key can be found" + echo "in the root directory of the first CD (DVD) of your SUSE product." exit -1 fi ### import suse package build key to roots gpg keyring -if test -f root/.gnupg/pubring.gpg ; then - chroot . usr/bin/gpg --export --armor --no-default-keyring \ - --keyring %{susering} [email protected] \ +chroot . usr/bin/gpg --export --armor --no-default-keyring \ + --keyring %{pubring} [email protected] \ | chroot . usr/bin/gpg --import || true - if ! chroot . usr/bin/gpg --list-keys [email protected] >/dev/null 2>&1 ; then +if ! chroot . usr/bin/gpg --list-keys [email protected] >/dev/null 2>&1 ; then echo "gpg import for [email protected] failed, please import manually" >&2 - fi -else - cp %{susering} root/.gnupg/pubring.gpg fi -chmod 600 root/.gnupg/pubring.gpg %changelog ++++++ dumpsigs ++++++ --- /var/tmp/diff_new_pack.AeVDuO/_old 2011-10-24 14:00:04.000000000 +0200 +++ /var/tmp/diff_new_pack.AeVDuO/_new 2011-10-24 14:00:04.000000000 +0200 @@ -1,15 +1,43 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w +# dump all keys contained in the keyring specified as argument -my $keyring=''; +use strict; -$keyring="--no-default-keyring --keyring=$ARGV[0]" if $ARGV[0] ne ''; +my @keyring; + +die "must specify keyring\n" unless @ARGV; + +my $file = shift @ARGV; +unless ($file =~ /^\//) { + use Cwd qw/abs_path/; + $file = abs_path($file); +} + +# XXX: workaround for colons in obs project names o_O +if ($file =~ /:/) { + use File::Temp qw/tempdir/; + my $tmpdir = tempdir( CLEANUP => 1); + my $nn = $file; + $nn =~ s/.*\///; + $nn = $tmpdir.'/'.$nn; + symlink($file, $nn) or die "failed to symlink: $!\n"; + $file = $nn; +} + +@keyring = ('--no-default-keyring', '--keyring='.$file); my @line; my $ver; my $rel; my $name; +my %names; + +my @cmd = qw/--no-secmem-warning --no-options --list-sigs --list-options show-keyring --fixed-list-mode --with-colons/; +unshift @cmd, @keyring; +unshift @cmd, 'gpg'; +#print join(' ', @cmd), "\n"; -open(GPG, "gpg $keyring --no-secmem-warning --list-sigs --list-options show-keyring --fixed-list-mode --with-colons |"); +open(GPG, '-|', @cmd); while (<GPG>) { chomp; next unless /^pub:/; @@ -23,7 +51,7 @@ while (1) { $_ = <GPG>; chomp; - die unless /^sig:/; + next unless /^sig:/; @line = split(':', $_); next if $line[4] ne $id; $ver = lc($id); @@ -31,12 +59,33 @@ $rel = sprintf("%08x", $line[5]); last; } - $names{"gpg-pubkey-$ver-$rel"} = $id; + $names{"gpg-pubkey-$ver-$rel"} = [ $id, $name ]; } close GPG; my $n; for $n (sort keys %names) { - print "writing $n.asc\n"; - system("gpg $keyring --no-secmem-warning --export -a '$names{$n}' >$n.asc"); + @cmd = qw/--no-options --no-secmem-warning --export-options export-minimal --export -a/; + push @cmd, $names{$n}[0]; + unshift @cmd, @keyring; + unshift @cmd, 'gpg'; + my $fn = $n.".asc"; + unless (open(O, '>', $fn)) { + warn "failed to open $fn: $!"; + next; + } + printf O "%s %s\n\n", $names{$n}[0], $names{$n}[1]; + print "writing $fn\n"; + #print join(' ', @cmd), "\n"; + unless (open(GPG, '-|', @cmd)) { + warn "failed to exec gpg: $!"; + close O; + unlink $fn; + next; + } + while(<GPG>) { + print O; + } + close GPG; + close O; } ++++++ gpg-pubkey-307e3d54-4be01a65.asc ++++++ E3A5C360307E3D54 SuSE Package Signing Key <[email protected]> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.16 (GNU/Linux) mIsERCAdXQEEAL7MrBTz+3SBWpCm2ae2yaDqV3ezQcs2JlvqidJVhsZqQe9/jkxi KTEQW5+TXF/+BlQSiebunRI7oo3+9U8GyRCgs1sf+yRQWMLzZqRaarzRhw9w+Ihl edtqYl6/U2JZCb8Adp6d7RzlRliJdJ/VtsfXj2ef7Dwu7elOVSsmaBdtAAYptChT dVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgPGJ1aWxkQHN1c2UuZGU+iLgEEwECACIC GwMECwcDAgMVAgMDFgIBAh4BAheABQJL4BplBQkPRMsIAAoJEOOlw2Awfj1UhOsD /RkkEhOIC9NNad0F5O0rEJxvsI7Nm+6FnNJq8LjyR5+87epQCXgpaBXEGd4RcjjO TukLaHHrC1T/h4biIyf253VZHr4oJ46sUivNUFq60gl4gk56aTGTNeUWOsgrU4jm auFca3dbGcNfiJ7c7dF2CkOAR+CPMLPYTvuVIRQBAjeS =jKkp -----END PGP PUBLIC KEY BLOCK----- ++++++ gpg-pubkey-3d25d3d9-36e12d04.asc ++++++ 77B2E6003D25D3D9 SuSE Security Team <[email protected]> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.16 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S0Ed7LmAD0l09kBAW04B/4p WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 zinsSx2OrWgvSiLEXXYK =m7kg -----END PGP PUBLIC KEY BLOCK----- ++++++ gpg-pubkey-3dbdc284-4be1884d.asc ++++++ B88B2FD43DBDC284 openSUSE Project Signing Key <[email protected]> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.16 (GNU/Linux) mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G 3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ 93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCS+GITQUJClIKDgAKCRC4iy/UPb3C hCtvCACELgrgzAbLw8p4PfsHzrEAvZbaWSLpSOCV4ZQdo0Q9vaHcsjENXfnZ7ctu hDnyVSmzy4HcVfBfLmK1xkI8ByXK9JGXt3RXuZWHBuaJQKM0hbAZZ/ScMUOs6Igu 2gmyDaJyrf1vBPtNWpMSS8Jp10iJ9/5B5Hlq4UJxMwTGZwcddhRl/UQKErygdnVg o5zTdyB05BKF4KEIvdbl9xSfifLfOT8CGBpCmnUmD6YB7agXm3OAM9bZGa2v9ipm s/haLqxS+b4plYKDN8d8xc2whEfTQD158VW0giv38w6NAd6kCxq2pg5L5PmpF9DM BZl8K2SBMEtV7BYK9wfnxaRl6Wh/ =uF5Q -----END PGP PUBLIC KEY BLOCK----- ++++++ gpg-pubkey-56b4177a-4be18cab.asc ++++++ 1C721C2456B4177A openSUSE\x3aFactory OBS Project <openSUSE\[email protected]> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.16 (GNU/Linux) mQGiBEeWWzMRBADU8l2IckSzgdUS1dn0WMM7wXK4seoFsHHQw/0unHCQCxpyDMnn TKV86p5KTbR1FDdeaZlY0yCV+IGsiIxLyuUdJn8vuA5gA5ZkUr89/HtWaeZVl77J HIQxvhDRBWCOO4QNtrZYWvGbvl83wl/zOfdLEs8IGElt0LgfohyTA1qfrwCg/Hac tDDscXsPlo5Jek/+3RHVeD0D/30riCpfpLJOmhraLg1EbWsE0mN9IQsl+WDPdoYo bB76z6eH3e38618WzP/LTG4WuVbwpSSqmXyfdVpXxWzESfT8q0B8CGpHf/Sa/T/L emohmRnLvkf/tAfxFmDMm1jOewJIE9S35jANGHVJcxmfRNpPWC7uHnqjopnsmDkL kMEdBAC6YcpDOcMJZ9sJbt/JNZBaoT5CltgMDlSN50t2v/J5em8qMLqCSNF5UJyd LFnePHTHy6gVjWbqcC0ncFzOqM1y644Up7BoKSAr1hRTl6Mw9S3UfZZZ0al3JtWt 8y0eFIW3QP66w1AL0LO2bZMBuOvhb63DXv5iHorcxk0yIFbbybRCb3BlblNVU0U6 RmFjdG9yeSBPQlMgUHJvamVjdCA8b3BlblNVU0U6RmFjdG9yeUBidWlsZC5vcGVu c3VzZS5vcmc+iGYEExECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCS+GM qwUJC8//eAAKCRAcchwkVrQXenCfAKCiI/uNClNI32AaPU36o2mFIUKcHgCfby3/ 8UEqkeBRFM1zyjHBo2w/GYw= =CPJz -----END PGP PUBLIC KEY BLOCK----- ++++++ gpg-pubkey-9c800aca-4be01999.asc ++++++ A84EDAE89C800ACA SuSE Package Signing Key <[email protected]> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.16 (GNU/Linux) mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff 4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohiBBMRAgAiAhsDBAsHAwID FQIDAxYCAQIeAQIXgAUCS+AZmQUJGXXzGAAKCRCoTtronIAKyl9KAJ9KyC11XDiC lhuqOJ+Q0yPL5Ge/aQCePxBrVWcVaAjGq4vTkwMkiD9FVMK5Ag0EOe70khAIAISR 0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/HZnh3TwhBIw1 FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44ht5h+6HMBzoFC MAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPTtGzcAi2jVl9h l3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM523AMgpPQtsK m9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q2Y+GqZ+yAvNW jRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8QnSs0wwPg3xE ullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWawJxRLKH6Zjo/F aKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ1sj2xYdB1xO0 ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCHORrNjq9pYWlr xsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1wwylxadmmJaJ HzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQYEQIADAUCS+AZ vQUJGXXzKwAKCRCoTtronIAKysYeAJ4yNHu8lpjQiBL69k3VNr9hbQMmzwCfcrIB TnsG384Q1YOf9lIUSYEa9sk= =yIuV -----END PGP PUBLIC KEY BLOCK----- -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
