https://bugzilla.redhat.com/show_bug.cgi?id=2331188
--- Comment #4 from Brandon Nielsen <[email protected]> --- (In reply to Fedora Review Service from comment #2) > Copr build: > https://copr.fedorainfracloud.org/coprs/build/8371525 > (succeeded) > > Review template: > https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora- > review-2331188-firetools/fedora-rawhide-x86_64/08371525-firetools/fedora- > review/review.txt > > Please take a look if any issues were found. > > > --- > This comment was created by the fedora-review-service > https://github.com/FrostyX/fedora-review-service > > If you want to trigger a new Copr build, add a comment containing new > Spec and SRPM URLs or [fedora-review-service-build] string. Regarding "Sources are verified with gpgverify first in %prep if upstream publishes signatures. Note: gpgverify is not used." I would love to add a gpgverify step[0] as upstream does provide a key[1] and signed hashes. But the published asc[2] file isn't a detached signature so the macro doesn't understand it. I could feasibly "unarmor" the asc file and then run sha256 sum. Given the security nature of the package, it might be an avenue worth pursuing. [0] - https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures [1] - https://firejailtools.wordpress.com/downloads/ [2] - https://sourceforge.net/projects/firejail/files/firetools/firetools-0.9.72.asc/download -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2331188 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202331188%23c4 -- _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
