Remove %gpgverify and /usr/lib/rpm/gpgverify, it is available in RHEL 8.4+

The RHEL's macro is identical, except it uses /usr/lib/rpm/redhat/gpgverify.

Added in https://bugzilla.redhat.com/1874576
epel8
Miro Hrončok 3 years ago
parent d733fbe476
commit 73629be078

@ -1,6 +1,6 @@
Name: epel-rpm-macros
Version: 8
Release: 27
Release: 28
Summary: Extra Packages for Enterprise Linux RPM macros
Group: System Environment/Base
@ -12,7 +12,6 @@ License: GPLv2
URL: http://download.fedoraproject.org/pub/epel
Source0: macros.epel-rpm-macros
Source1: macros.zzz-epel-override
Source2: gpgverify
Source3: pythondist.attr
Source9: GPL
@ -68,9 +67,6 @@ install -Dpm 644 %{SOURCE0} \
install -Dpm 644 %{SOURCE1} \
%{buildroot}%{_sysconfdir}/rpm/macros.zzz-epel-override
install -Dpm 755 %{SOURCE2} \
%{buildroot}%{_rpmconfigdir}/gpgverify
install -Dpm 644 %{SOURCE3} \
%{buildroot}%{_fileattrsdir}/pythondist.attr
@ -93,7 +89,6 @@ install -Dpm 644 %{SOURCE150} \
%license GPL
%{_rpmmacrodir}/macros.epel-rpm-macros
%{_sysconfdir}/rpm/macros.zzz-epel-override
%{_rpmconfigdir}/gpgverify
%{_fileattrsdir}/pythondist.attr
# misc macros
@ -108,6 +103,9 @@ install -Dpm 644 %{SOURCE150} \
%changelog
* Tue Mar 15 2022 Miro Hrončok <mhroncok@redhat.com> - 8-28
- Remove %%gpgverify and /usr/lib/rpm/gpgverify, it is available in RHEL 8.4+
* Wed Jan 19 2022 Pablo Greco <pgreco@centosproject.org> - 8-27
- Backport systemd sysusers macros from Fedora

@ -1,116 +0,0 @@
#!/bin/bash
# Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
function print_help {
cat <<'EOF'
Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
verifies a file against a detached OpenPGP signature and a keyring. The keyring
shall contain all the keys that are trusted to certify the authenticity of the
file, and must not contain any untrusted keys.
The differences, compared to invoking gpgv directly, are that gpgverify accepts
the keyring in either ASCII-armored or unarmored form, and that it will not
accidentally use a default keyring in addition to the specified one.
Parameters:
--keyring=<pathname> keyring with all the trusted keys and no others
--signature=<pathname> detached signature to verify
--data=<pathname> file to verify against the signature
EOF
}
fatal_error() {
message="$1" # an error message
status=$2 # a number to use as the exit code
echo "gpgverify: $message" >&2
exit $status
}
require_parameter() {
term="$1" # a term for a required parameter
value="$2" # Complain and terminate if this value is empty.
if test -z "${value}" ; then
fatal_error "No ${term} was provided." 2
fi
}
check_status() {
action="$1" # a string that describes the action that was attempted
status=$2 # the exit code of the command
if test $status -ne 0 ; then
fatal_error "$action failed." $status
fi
}
# Parse the command line.
keyring=
signature=
data=
for parameter in "$@" ; do
case "${parameter}" in
(--help)
print_help
exit
;;
(--keyring=*)
keyring="${parameter#*=}"
;;
(--signature=*)
signature="${parameter#*=}"
;;
(--data=*)
data="${parameter#*=}"
;;
(*)
fatal_error "Unknown parameter: \"${parameter}\"" 2
;;
esac
done
require_parameter 'keyring' "${keyring}"
require_parameter 'signature' "${signature}"
require_parameter 'data file' "${data}"
# Make a temporary working directory.
workdir="$(mktemp --directory)"
check_status 'Making a temporary directory' $?
workring="${workdir}/keyring.gpg"
# Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
# ASCII-armored.
gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
check_status 'Decoding the keyring' $?
# Verify the signature using the decoded keyring.
gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
check_status 'Signature verification' $?
# (--homedir isn't actually necessary. --dearmor processes only the input file,
# and if --keyring is used and contains a slash, then gpgv2 uses only that
# keyring. Thus neither command will look for a default keyring, but --homedir
# makes extra double sure that no default keyring will be touched in case
# another version of GPG works differently.)
# Clean up. (This is not done in case of an error that may need inspection.)
rm --recursive --force ${workdir}

@ -138,24 +138,6 @@
%python_wheel_pkg_prefix python%{?rhel:%{!?eln:%{python3_pkgversion}}}
%python_wheel_dir %{_datadir}/%{python_wheel_pkg_prefix}-wheels
# gpgverify verifies signed sources. There is documentation in the script.
%gpgverify(k:s:d:) %{lua:
local script = rpm.expand("%{_rpmconfigdir}/gpgverify ")
local keyring = rpm.expand("%{-k*}")
local signature = rpm.expand("%{-s*}")
local data = rpm.expand("%{-d*}")
print(script)
if keyring ~= "" then
print(rpm.expand("--keyring='%{SOURCE" .. keyring .. "}' "))
end
if signature ~= "" then
print(rpm.expand("--signature='%{SOURCE" .. signature .. "}' "))
end
if data ~= "" then
print(rpm.expand("--data='%{SOURCE" .. data .. "}' "))
end
}
# qt5 macro removed from RHEL8 but needed to ensure qtwebengine, and
# it's dependencies build on supported arches.
%qt5_qtwebengine_arches %{ix86} x86_64 %{arm} aarch64 mips mipsel mips64el

Loading…
Cancel
Save