[libvirt] [libvirt-glib] spec: Add verification of the tarball GPG signature
Christophe Fergeau
cfergeau at redhat.com
Thu Apr 14 09:12:00 UTC 2016
This at least allows to make sure that all tarballs are signed with the
same GPG key, and that the tarball was not corrupted between the time it
was uploaded upstream, and the time the RPM is built.
danpb-BE86EBB415104FDF.gpg is generated with:
gpg2 -v --armor --export 15104FDF | gpg2 --no-default-keyring --keyring ./danpb-BE86EBB415104FDF.gpg --import
---
libvirt-glib.spec.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libvirt-glib.spec.in b/libvirt-glib.spec.in
index 32ce4f0..3616a6e 100644
--- a/libvirt-glib.spec.in
+++ b/libvirt-glib.spec.in
@@ -28,6 +28,8 @@ Group: Development/Libraries
License: LGPLv2+
URL: http://libvirt.org/
Source0: ftp://libvirt.org/libvirt/glib/%{name}-%{version}.tar.gz
+Source1: ftp://libvirt.org/libvirt/glib/%{name}-%{version}.tar.gz.asc
+Source2: danpb-BE86EBB415104FDF.gpg
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: glib2-devel >= @GLIB2_REQUIRED@
@@ -45,6 +47,7 @@ BuildRequires: libtool
%if %{with_vala}
BuildRequires: vala-tools
%endif
+BuildRequires: gnupg2
%package devel
Group: Development/Libraries
@@ -109,6 +112,7 @@ libvirt and the glib event loop
%endif
%prep
+gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%setup -q
%build
--
2.5.5
More information about the libvir-list
mailing list