[libvirt] [libvirt-glib] spec: Add verification of the tarball GPG signature

Daniel P. Berrange berrange at redhat.com
Thu Apr 14 09:21:47 UTC 2016


On Thu, Apr 14, 2016 at 11:12:00AM +0200, Christophe Fergeau wrote:
> This at least allows to make sure that all tarballs are signed with the
> same GPG key, and that the tarball was not corrupted between the time it
> was uploaded upstream, and the time the RPM is built.
> 
> danpb-BE86EBB415104FDF.gpg is generated with:
> gpg2 -v --armor --export 15104FDF | gpg2 --no-default-keyring --keyring ./danpb-BE86EBB415104FDF.gpg --import
> ---
>  libvirt-glib.spec.in | 4 ++++
>  1 file changed, 4 insertions(+)

ACK


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the libvir-list mailing list