From 73629be07811107102ad2b946702ac690848d5ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 15 Mar 2022 16:01:46 +0100 Subject: [PATCH] Remove %gpgverify and /usr/lib/rpm/gpgverify, it is available in RHEL 8.4+ The RHEL's macro is identical, except it uses /usr/lib/rpm/redhat/gpgverify. Added in https://bugzilla.redhat.com/1874576 --- epel-rpm-macros.spec | 10 ++-- gpgverify | 116 ----------------------------------------- macros.epel-rpm-macros | 18 ------- 3 files changed, 4 insertions(+), 140 deletions(-) delete mode 100755 gpgverify diff --git a/epel-rpm-macros.spec b/epel-rpm-macros.spec index 4b07174..59663d5 100644 --- a/epel-rpm-macros.spec +++ b/epel-rpm-macros.spec @@ -1,6 +1,6 @@ Name: epel-rpm-macros Version: 8 -Release: 27 +Release: 28 Summary: Extra Packages for Enterprise Linux RPM macros Group: System Environment/Base @@ -12,7 +12,6 @@ License: GPLv2 URL: http://download.fedoraproject.org/pub/epel Source0: macros.epel-rpm-macros Source1: macros.zzz-epel-override -Source2: gpgverify Source3: pythondist.attr Source9: GPL @@ -68,9 +67,6 @@ install -Dpm 644 %{SOURCE0} \ install -Dpm 644 %{SOURCE1} \ %{buildroot}%{_sysconfdir}/rpm/macros.zzz-epel-override -install -Dpm 755 %{SOURCE2} \ - %{buildroot}%{_rpmconfigdir}/gpgverify - install -Dpm 644 %{SOURCE3} \ %{buildroot}%{_fileattrsdir}/pythondist.attr @@ -93,7 +89,6 @@ install -Dpm 644 %{SOURCE150} \ %license GPL %{_rpmmacrodir}/macros.epel-rpm-macros %{_sysconfdir}/rpm/macros.zzz-epel-override -%{_rpmconfigdir}/gpgverify %{_fileattrsdir}/pythondist.attr # misc macros @@ -108,6 +103,9 @@ install -Dpm 644 %{SOURCE150} \ %changelog +* Tue Mar 15 2022 Miro HronĨok - 8-28 +- Remove %%gpgverify and /usr/lib/rpm/gpgverify, it is available in RHEL 8.4+ + * Wed Jan 19 2022 Pablo Greco - 8-27 - Backport systemd sysusers macros from Fedora diff --git a/gpgverify b/gpgverify deleted file mode 100755 index 1673549..0000000 --- a/gpgverify +++ /dev/null @@ -1,116 +0,0 @@ -#!/bin/bash - -# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - -function print_help { - cat <<'EOF' -Usage: gpgverify --keyring= --signature= --data= - -gpgverify is a wrapper around gpgv designed for easy and safe scripting. It -verifies a file against a detached OpenPGP signature and a keyring. The keyring -shall contain all the keys that are trusted to certify the authenticity of the -file, and must not contain any untrusted keys. - -The differences, compared to invoking gpgv directly, are that gpgverify accepts -the keyring in either ASCII-armored or unarmored form, and that it will not -accidentally use a default keyring in addition to the specified one. - -Parameters: - --keyring= keyring with all the trusted keys and no others - --signature= detached signature to verify - --data= file to verify against the signature -EOF -} - - -fatal_error() { - message="$1" # an error message - status=$2 # a number to use as the exit code - echo "gpgverify: $message" >&2 - exit $status -} - - -require_parameter() { - term="$1" # a term for a required parameter - value="$2" # Complain and terminate if this value is empty. - if test -z "${value}" ; then - fatal_error "No ${term} was provided." 2 - fi -} - - -check_status() { - action="$1" # a string that describes the action that was attempted - status=$2 # the exit code of the command - if test $status -ne 0 ; then - fatal_error "$action failed." $status - fi -} - - -# Parse the command line. -keyring= -signature= -data= -for parameter in "$@" ; do - case "${parameter}" in - (--help) - print_help - exit - ;; - (--keyring=*) - keyring="${parameter#*=}" - ;; - (--signature=*) - signature="${parameter#*=}" - ;; - (--data=*) - data="${parameter#*=}" - ;; - (*) - fatal_error "Unknown parameter: \"${parameter}\"" 2 - ;; - esac -done -require_parameter 'keyring' "${keyring}" -require_parameter 'signature' "${signature}" -require_parameter 'data file' "${data}" - -# Make a temporary working directory. -workdir="$(mktemp --directory)" -check_status 'Making a temporary directory' $? -workring="${workdir}/keyring.gpg" - -# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't -# ASCII-armored. -gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}" -check_status 'Decoding the keyring' $? - -# Verify the signature using the decoded keyring. -gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}" -check_status 'Signature verification' $? - -# (--homedir isn't actually necessary. --dearmor processes only the input file, -# and if --keyring is used and contains a slash, then gpgv2 uses only that -# keyring. Thus neither command will look for a default keyring, but --homedir -# makes extra double sure that no default keyring will be touched in case -# another version of GPG works differently.) - -# Clean up. (This is not done in case of an error that may need inspection.) -rm --recursive --force ${workdir} diff --git a/macros.epel-rpm-macros b/macros.epel-rpm-macros index 58ef1ac..e80031d 100644 --- a/macros.epel-rpm-macros +++ b/macros.epel-rpm-macros @@ -138,24 +138,6 @@ %python_wheel_pkg_prefix python%{?rhel:%{!?eln:%{python3_pkgversion}}} %python_wheel_dir %{_datadir}/%{python_wheel_pkg_prefix}-wheels -# gpgverify verifies signed sources. There is documentation in the script. -%gpgverify(k:s:d:) %{lua: -local script = rpm.expand("%{_rpmconfigdir}/gpgverify ") -local keyring = rpm.expand("%{-k*}") -local signature = rpm.expand("%{-s*}") -local data = rpm.expand("%{-d*}") -print(script) -if keyring ~= "" then - print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' ")) -end -if signature ~= "" then - print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' ")) -end -if data ~= "" then - print(rpm.expand("--data='%{SOURCE" .. data .. "}' ")) -end -} - # qt5 macro removed from RHEL8 but needed to ensure qtwebengine, and # it's dependencies build on supported arches. %qt5_qtwebengine_arches %{ix86} x86_64 %{arm} aarch64 mips mipsel mips64el