verify upstream source signature

Per the packaging guidelines¹.

While adjusting the git ignore rules for the signature file, replace
many older tarball entries with a simple glob.  Ignore expanded source
directories as well.

¹ https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures
i9ce
Todd Zullinger 2 years ago
parent bbf821b2c0
commit 1c3fb52316

28
.gitignore vendored

@ -1,26 +1,2 @@
fail2ban-FAIL2BAN-0_8.tar.bz2 /fail2ban-*/
fail2ban-0.8.4.tar.bz2 /fail2ban-*.tar.gz*
/fail2ban_0.8.7.1.orig.tar.gz
/fail2ban_0.8.8.orig.tar.gz
/fail2ban-0.8.10.tar.gz
/fail2ban-0.8.11.tar.gz
/fail2ban-0.9-d529151.tar.xz
/fail2ban-0.9-1f1a561.tar.xz
/fail2ban-0.9.tar.gz
/fail2ban-0.9.1.tar.gz
/fail2ban-0.9.2.tar.gz
/fail2ban-0.9.3.tar.gz
/fail2ban-0.9.4.tar.gz
/fail2ban-0.9.5.tar.gz
/fail2ban-0.9.6.tar.gz
/fail2ban-0.9.7.tar.gz
/fail2ban-0.10.0.tar.gz
/fail2ban-0.10.1.tar.gz
/fail2ban-0.10.2.tar.gz
/fail2ban-0.10.3.1.tar.gz
/fail2ban-0.10.4.tar.gz
/fail2ban-0.10.5.tar.gz
/fail2ban-0.11.1.tar.gz
/fail2ban-0.11.2.tar.gz
/fail2ban-1.0.1.tar.gz
/fail2ban-1.0.2.tar.gz

@ -1,16 +1,27 @@
Name: fail2ban Name: fail2ban
Version: 1.0.2 Version: 1.0.2
Release: 3%{?dist} Release: 4%{?dist}
Summary: Daemon to ban hosts that cause multiple authentication errors Summary: Daemon to ban hosts that cause multiple authentication errors
License: GPLv2+ License: GPLv2+
URL: http://fail2ban.sourceforge.net/ URL: http://fail2ban.sourceforge.net/
Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: https://github.com/%{name}/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
# Releases are signed by Serg G. Brester (sebres) <info AT sebres.de>. The
# fingerprint can be found in a signature file:
# gpg --list-packets fail2ban-1.0.2.tar.gz.asc | grep 'issuer fpr'
#
# The following commands can be used to fetch the signing key via fingerprint
# and extract it:
# fpr=8738559E26F671DF9E2C6D9E683BF1BEBD0A882C
# gpg --receive-keys $fpr
# gpg -a --export-options export-minimal --export $fpr >gpgkey-$fpr.asc
Source2: gpgkey-8738559E26F671DF9E2C6D9E683BF1BEBD0A882C.asc
# SELinux policy # SELinux policy
Source1: fail2ban.fc Source3: fail2ban.fc
Source2: fail2ban.if Source4: fail2ban.if
Source3: fail2ban.te Source5: fail2ban.te
Source4: Makefile Source6: Makefile
# Give up being PartOf iptables and ipset for now # Give up being PartOf iptables and ipset for now
# https://bugzilla.redhat.com/show_bug.cgi?id=1379141 # https://bugzilla.redhat.com/show_bug.cgi?id=1379141
@ -43,6 +54,7 @@ BuildRequires: systemd
BuildRequires: selinux-policy-devel BuildRequires: selinux-policy-devel
BuildRequires: make BuildRequires: make
BuildRequires: bash-completion BuildRequires: bash-completion
BuildRequires: gnupg2
# Default components # Default components
Requires: %{name}-firewalld = %{version}-%{release} Requires: %{name}-firewalld = %{version}-%{release}
@ -206,6 +218,7 @@ by default.
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -p1 %autosetup -p1
# Use Fedora paths # Use Fedora paths
@ -216,7 +229,7 @@ find -type f -exec sed -i -e '1s,^#!/usr/bin/python *,#!/usr/bin/python%{python3
%endif %endif
# SELinux sources # SELinux sources
cp -p %SOURCE1 %SOURCE2 %SOURCE3 . cp -p %SOURCE3 %SOURCE4 %SOURCE5 .
# 2to3 has been removed from setuptools and we already use the binary in # 2to3 has been removed from setuptools and we already use the binary in
# %%prep. # %%prep.
@ -229,7 +242,7 @@ sed -i "/use_2to3/d" setup.py
%else %else
%py3_build %py3_build
%endif %endif
make -f %SOURCE4 make -f %SOURCE6
%install %install
@ -411,6 +424,9 @@ fi
%changelog %changelog
* Sun Apr 02 2023 Todd Zullinger <tmz@pobox.com> - 1.0.2-4
- verify upstream source signature
* Thu Mar 30 2023 Orion Poplawski <orion@nwra.com> - 1.0.2-3 * Thu Mar 30 2023 Orion Poplawski <orion@nwra.com> - 1.0.2-3
- Add upstream patch to remove warning about allowipv6 (bz#2160781) - Add upstream patch to remove warning about allowipv6 (bz#2160781)

@ -0,0 +1,29 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFeHbzIBCACWgr54J4t2fpI7EIrMTqso5kqPRTSY7eO2T0965JW6Zl4C0HZT
Wz+9c5aGlKeotf4Fv7zOhpUwULFSGAq3tVbxAxW9++LAXPGad6uE4aPsXoQ6+0RV
lJozNclURRal46vz3uuGLiSJ5+VQ1WD1sFLuw2/bMzE4GFR0z4w4UOc3ufAQ3obC
i5szSy5JWtCsmvCdNlhXTxa66aUddN8/8IHJSB6QZabGEcG4WfsfhUiH38KUuqrO
hYvT9ROY74pwSsHuWEzVRE00eJB4uxngsKHAGMYhkNxdKCG7Blu2IbJRcBE8QAs3
BGqJR8FBify86COZYUZ7CuAyLyo1U6BZd7ohABEBAAG0KVNlcmcgRy4gQnJlc3Rl
ciAoc2VicmVzKSA8aW5mb0BzZWJyZXMuZGU+iQE4BBMBAgAiBQJXh28yAhsDBgsJ
CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBoO/G+vQqILMThB/0YUr7Y+urJChgm
NG9exjjmTayoNb+XiMR5T2+A919NrKulEaH2mb51B7XBmFuCj8x5O1wA3xYo7B6h
RVuNyb2eI3+bRD33QsKcs6NsgK/I1xLD15NrEftPckWqYypR6//u9Tmz5o9n9+/n
2dH7SU7UPW468/bRUhFp+SQ70B0XLdyDgGLEN9TNsAvnEi30Vtjbia4Lp/NXYRkq
GEzvpgZ7Dt9YhT+qdSs6AwyN0ZhnvX+zqXi+Q18xlbnuq2ZZkwK8Es/HdEDu2HNJ
3nn3l15pyMe/OxYhg646NcqGR6j1rEZ7jXyN2i5sEdspXfwv0lGtLr7ANElWqOvX
XYBAspRvuQENBFeHbzIBCACyCMv4CQ+blzj53ZLPyBMnj38oQ7bbpAtDThfB8hEZ
uk6Kmo799Zo2rLG2iqvy8SEuN/bLQKyzFTiB4UYWvRxne792N0nWLU24/bd7j/Gh
Q4EHUhs38WRSYtu93XCKzvyzn5s3504luOBF6czNrLeDfWXGVGosBsBoASY7de7a
kiXb7a28dNDSG0JaR+QwONjmde9hAzqOX0iOYHvJeu68UKaUp4IrJ+nTMHFhwUbf
awCmz+NPPrm360j4BuvYSWhS06tM7c6+gfvXHOTtJ5TEGbrm+I8d2q7nhxg3nku6
7qnddkW2OS8EQVlw7XFox929mTLzw0MEmjqmSRTx2Qk3ABEBAAGJAR8EGAECAAkF
AleHbzICGwwACgkQaDvxvr0KiCwdxQf7BM7jo6v7uU7324ZkLQmtZndcXnXZMbSw
2pDzR2h01Vx7dHppzNOkyv8DvUWttwaMaTU57cdzThTkQPk8Lx8sCvi40RmWS2vs
IArgTS1HNStprPUg4sk99JOZg2y4LBqkLUxZveDsH+rXdFA/fp8048/M4ss6qj4O
ySe4crABbbv5yRADBJZt4LQdFoNGEpSaOtcxJmwJ7hrV+wQhVMm9m+/JpgzNT4rb
muPgveqzmSiTGJ6Yy2bEKyY0dCyPuWbWWPt4mCcT+9emZC1O8EjST0i9f9EUUU6c
6UCy7zi5EQ9CVv1Dlz1qefm/5/iFAAFQ5DtYC3cwDq8CqgqzoHMtNg==
=vqSW
-----END PGP PUBLIC KEY BLOCK-----

@ -1 +1,2 @@
SHA512 (fail2ban-1.0.2.tar.gz) = 688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb SHA512 (fail2ban-1.0.2.tar.gz) = 688a84361b5794e1658f53d2d200ce752fe1e3320ddb1742c32c4b4b82a79ace16ae464e7ea3eeb94a0e862bcac73c2d3a0e61dd7b28e179a4c857f950d74dbb
SHA512 (fail2ban-1.0.2.tar.gz.asc) = 1c0af7e454d52879788d9728010a68159a94668d93799da5533999e8c821db87f651b3606347af16fd92a4540a7a343dc682f72bb3bab14e3666f848883d8644

Loading…
Cancel
Save