From f01486efd11ac322554afd7f830632fa5b999ae3 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Sat, 23 Sep 2017 17:01:38 +0200 Subject: [PATCH] verify tarballs during build This follows https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures . --- .gitignore | 3 ++ ...CAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc | 51 +++++++++++++++++++ libreoffice.spec | 36 +++++++------ sources | 3 ++ 4 files changed, 78 insertions(+), 15 deletions(-) create mode 100644 gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc diff --git a/.gitignore b/.gitignore index 8ac29e1..d255370 100644 --- a/.gitignore +++ b/.gitignore @@ -80,3 +80,6 @@ /libreoffice-5.4.2.1.tar.xz /libreoffice-help-5.4.2.1.tar.xz /libreoffice-translations-5.4.2.1.tar.xz +/libreoffice-5.4.2.1.tar.xz.asc +/libreoffice-help-5.4.2.1.tar.xz.asc +/libreoffice-translations-5.4.2.1.tar.xz.asc diff --git a/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc b/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc new file mode 100644 index 0000000..5f4f64d --- /dev/null +++ b/gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc 
@@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBEyzEr0BEADT441wUITsTwDA2nM3kmUhGrzTdxZB5xv/E1ZJCw63qWdmdTdW +NZDfNDuLs4r2VjlEoA3xGK6jgnQvyAoNj0yiEbW/JedHHgOiVdXDlkgkY58myafT +FXqDLzTXVrsNnay0GS8XrNjptZJPhEPBvNUdkqpA9B7RTkfaXj779Pf/AeFMZVLl +UAci5RA0NNF910GHwoXT6SEv2PGoawsphnfmMVdKh9wz7asbtKXEmotCwX3k045x +LsIVK5ANOi+BI9C3LkrrFJWw2XHqDW2ulwCJ0L5QNSjOuY/v8REODwIXamvvdZOz +XBKSIzDOalJqFCHls3YlGyFw1knr6BAOmVOm32YtNTCLbVA/iK55fZWnUCjD3a4G +xz4qpQYWfpxhOmlHpk5JkraSNHzCc7SB43DwcHF5ecXHttMhO8MoN/bAZBgCuLGF +EwNvwFbDwIWo07mlv7wD8i1rtUCvLywJc5YL2PbjCLfB1Q4YzDX1EWnjKdnAsxxK +ftrx1DFlxzUF+TaHbLTPttUcsWQaL8wITznoWIwdIWlo2woPgWIpUXMOYwYV31Oo +fgmroHa3V4NOvkke09uhaZawg5yZCoRFohhfKPqT1ZrJ9SnRbW/WR3VTVY76ht5k +RuV3eb2VWBmPU9zn56Tbe6dvFkBuzHH1JdECAqy1BzFcmQQFBebFzf1XAQARAQAB +tEhMaWJyZU9mZmljZSBCdWlsZCBUZWFtIChDT0RFIFNJR05JTkcgS0VZKSA8YnVp +bGRAZG9jdW1lbnRmb3VuZGF0aW9uLm9yZz6JAjcEEwEKACEFAkyzEr0CGwMFCwkI +BwMFFQoJCAsFFgIDAQACHgECF4AACgkQ9DSh76/urqOc4w//X+74QlyRalcuLNw3 +oJKB1+1z6xxhhpwg1kw5cMMrGu0w0YoPvLDKaiS02DdkIaXDECcQTOoEh7/bYbZq +6OtE1WyxqHYYOPK5yul5FRwZ5k5HZ7pDFcKCQ72UgWhz+QznRhgZ0jwEWl5Ln3rw +JpSynIvTXHmQogId0xmcrNQPyckzzugGx4qZFinSOmDGwTgG14NU3vat2iek37Ph +BLh5V8ohlEoccwwPejtKEWQudg0Q8K7uBuqLUhnJoZodEytqpOvtysuPtGxGXnmD +7oXtBVEF3X6eFRXDIp81cx2isHK4Krf4z4T9KUimNLHjWRa+ZQtp2pZLHQlblfsn +CUf6TYZ0Yi909EhcM/hxAgBZXellOCQ/8U2cJsTUyN5Dp1wbf6X0uK4uaed1/037 +EGLAO6PP6WQz6jWd1/hhsQ5oAmdjkzlMFEfKNeIIDuKMOjXcTvM8/KRXhufwICvS +FBlSIveHfDFWCvOVgq0VjAY7NFMFKRUnRHB58qBamtyhOyscRIvT5QH8HYfUA/YN +l9FguczYUIQi3t+H1hoHIywdtmRuhYx5WlIUe8FO9QD5RMPbBjVbkCYgdHdxgnJD +KCoRGsoKlLB7UZc4Ak9j6plZbYtFRonm2MjU4zxblCFNuEqVQ0V/y6/OIGpBYF9Y +aEAtTgEJd9OmmDCM3d8O0zZHYma5Ag0ETLMSvQEQAMDp0HxSDWd+2Od/aJutCMFe +8tfw7+nP9gfHOCUqesb88QvRMJgVY6z1aNdMllxTKlsxUiuA6uNcrUAkzDp/qRWR +58rWIO642PLifng3urJ1cDbSKC+K4RHpQC+hXllMKLqq8dwNy1LO4fPo9SdtUF4B +ev6enKmo4yCiOGv2tvztPh9gMGYoDncaOsS0t2UPr2MMQIVUmmIzfJBkdOxbZiWO +doeNbWsYJHQaO+Ahal6SjPHKzhdjeXhZzHl1vqeDkV4MXHprrOwXNXwPiEpkZe2O 
+dc7yaMkQc0k8WRrfKHApbnwDx6Mi8HYaf+LvRq7P0eMO9osD1q44wQQvVzk199zp +MMHS5/kAv7RBNmDOSJQIZ4zT4lzRDODjMf01Ljn02zon12GfJo0WbbpmLulta7uj +HgMrUU54by8WPFGW0fljXiDX0EpkHhxUsUsfaNfBsFnE+sRxQjNF/ljvofkyApI2 +1OjtEa9krwvgDqaXsL+a2076OsoFpORlTZ30REb0eRS6rEt8M+7s4xTaA7GFxlY/ +N+bnaM8m+ItygfFHHW4H0wLbbgajDeooSTgaheVNF5V9HS0EkN4MNVvtJH7J6drd +iR1QVhX87n7+JtQzTtCOyfeKjaB+kcbAm/2VOFOeHdig5+BygpXt3IixVq72xmGz +h0jhY565MjXrqg5O3pvLABEBAAGJAh8EGAEKAAkFAkyzEr0CGwwACgkQ9DSh76/u +rqPaeg//avI2/a94XlSYtSZb2hVdW3qa9AEypQurqtVrKJfEKFV+ZQBPXbPRy8Mz +5LMEH1sfD6B4SVGIGJ8opSyieJkcKIke+GMekTWvSqDpFOgY2rw7eHNn/33ZJs3O +zQOyWz8smE/AIM/5lyiVGuSlU7RjYncf1V9bIBc91q9Edqk4IYUo/7W+yafC0VW/ +8oHUFYjHNaujiOsEoLiXsh9Y0R/6Jxs6fvE4XbCANV/ecN5UX+9BBrNZNN/9GbNr +6CYGZ57M2f1Pgywy/XvOnEPnJ8aWXUyGLqq34KvMPFPSOeAmFbkFEsB4mdDMFaDw +rzziiZE/zS8/nKiH4X2JgmLgFsadEihdfYxeDcGbhREK/qA1f3bGnr1j05V07yko +2FFZdiOr4OgiT5ymgwVUXQ2Aiz+J/C8URjfpcPxetmuDQT9AYfgmMKPNVXPFWuNQ +dzN5GZbI+E1/cb5+uLNknvjngw2G4PR/4uPHX1HCSftlNawBqWzyun1k+B7/u3Oe +FebWXcdqSmZuLQ7l0Pkuz/Nlp6M6cKpceL+9zCgaiR5+v9h94VvtXKd/mw9ZLACc +VcOANiwCtsJP3lt7jRSHtkuUe6vUm5tLS582RfXxoI1BlPjNtG9xAQ3JKBHIXbal +T18pAFO3t74cxg3h0iI1G51F3oL0DwILP2MBBmardVEp5CMnB/M= +=1iQB +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libreoffice.spec b/libreoffice.spec index 1e91099..31313e7 100644 --- a/libreoffice.spec +++ b/libreoffice.spec @@ -22,7 +22,7 @@ # rhbz#465664 jar-repacking breaks help by reordering META-INF/MANIFEST.MF %global __jar_repack %{nil} # make it easier to download sources from pre-release site -%if 0%{?rebase} +%if 0%{?prerelease} %global source_url http://dev-builds.libreoffice.org/pre-releases/src %else %global source_url http://download.documentfoundation.org/libreoffice/src/%{libo_version} 
@@ -62,22 +62,21 @@ License: (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 URL: http://www.libreoffice.org/ Source0: %{source_url}/libreoffice-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz -Source1: %{source_url}/libreoffice-help-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz -Source2: %{source_url}/libreoffice-translations-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz -%if 0%{?rebase} -Source3: %{source_url}/libreoffice-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz.asc -Source4: %{source_url}/libreoffice-help-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz.asc +Source1: %{source_url}/libreoffice-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz.asc +Source2: %{source_url}/libreoffice-help-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz +Source3: %{source_url}/libreoffice-help-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz.asc +Source4: %{source_url}/libreoffice-translations-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz Source5: %{source_url}/libreoffice-translations-%{version}%{?libo_prerelease}%{?libo_buildfix}.tar.xz.asc -%endif -Source6: http://dev-www.libreoffice.org/extern/185d60944ea767075d27247c3162b3bc-unowinreg.dll -Source7: libreoffice-multiliblauncher.sh -Source8: %{external_url}/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip -Source9: %{external_url}/xmlsec1-1.2.24.tar.gz -Source10: %{external_url}/798b2ffdc8bcfe7bca2cf92b62caf685-rhino1_5R5.zip -Source11: %{external_url}/35c94d2df8893241173de1d16b6034c0-swingExSrc.zip +Source6: gpgkey-C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3.gpg.asc +Source7: http://dev-www.libreoffice.org/extern/185d60944ea767075d27247c3162b3bc-unowinreg.dll +Source8: libreoffice-multiliblauncher.sh +Source9: %{external_url}/a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip +Source10: %{external_url}/xmlsec1-1.2.24.tar.gz +Source11: %{external_url}/798b2ffdc8bcfe7bca2cf92b62caf685-rhino1_5R5.zip +Source12: 
%{external_url}/35c94d2df8893241173de1d16b6034c0-swingExSrc.zip #Unfortunately later versions of hsqldb changed the file format, so if we use a later version we loose #backwards compatability. -Source12: %{external_url}/17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip +Source13: %{external_url}/17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip %global bundling_options %{?bundling_options} --without-system-hsqldb %if 0%{?fedora} @@ -124,6 +123,7 @@ BuildRequires: flex BuildRequires: gcc-c++ BuildRequires: gdb BuildRequires: git +BuildRequires: gnupg2 BuildRequires: gperf BuildRequires: icu BuildRequires: make @@ -934,7 +934,13 @@ done \ %{!?-l:%{error:-l must be present}} %prep -%setup -q -n %{name}-%{version}%{?libo_prerelease} -b 1 -b 2 +# verify tarballs +gpg2 --dearmor < %{SOURCE6} > keyring.gpg +gpgv2 --keyring ./keyring.gpg %{SOURCE1} %{SOURCE0} +gpgv2 --keyring ./keyring.gpg %{SOURCE3} %{SOURCE2} +gpgv2 --keyring ./keyring.gpg %{SOURCE5} %{SOURCE4} + +%setup -q -n %{name}-%{version}%{?libo_prerelease} -b 2 -b 4 rm -rf git-hooks */git-hooks # set up git repo diff --git a/sources b/sources index 5da25af..c3efd5f 100644 --- a/sources +++ b/sources 
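Review bot: Interleaving the `.asc` files and adding the key as Source6 renumbers almost every source (help and translations become Source2 and Source4, the old Source6–Source12 move up by one), yet the only reference updated in this patch is the `%setup -b 2 -b 4` line. The diffstat's 36 changed spec lines are all accounted for by the visible hunks, so any `%{SOURCEn}` use elsewhere in the spec still carries the old number. A stale number would not fail; it would silently pick the neighbouring file, so grep the spec for `SOURCE` before merging. Separately, Source7 and Source9–Source13 stay outside the signature check and rely only on the digests in `sources`; a comment such as `# external tarballs: integrity via sources checksums only, no upstream signature` would make that boundary explicit.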
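Review bot: `gpgv2 --keyring ./keyring.gpg` accepts a signature from any key present in Source6, and nothing in this block checks that the file holds only the key whose fingerprint is in its name, so the verification is exactly as strong as the review of that one committed file. A comment above the `gpg2 --dearmor` line would record this, e.g. `# Source6 must hold only key C2839ECAD9408FBE9531C3E9F434A1EFAFEEAEA3; gpgv2 trusts every key in the keyring`. The keyring is also written under a fixed name into whatever directory %prep starts in and is never removed; `keyring=$(mktemp)`, `gpg2 --dearmor < %{SOURCE6} > "$keyring"` and an `rm -f "$keyring"` after the last gpgv2 call would keep it out of the build tree. The hunk begins inside the preceding macro definition and %prep continues past its last line.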
@@ -10,3 +10,6 @@ SHA512 (xmlsec1-1.2.24.tar.gz) = a01feb9af8f85e77f2c5d2d7f596fba3ef58bc593cb9a7c
 SHA512 (libreoffice-5.4.2.1.tar.xz) = 203e2f7a8f726a125611566363c7ec6d7fb8f2d9731109029ca40ef1642b5270436b918e6f917629543d00252e8e6f5d7d6f16b055ed22fb0ce0cb4117c7ee23
 SHA512 (libreoffice-help-5.4.2.1.tar.xz) = e2c80e06cc3d5859a400bcdcdd8328008cde7042f816d64c5d4648d119e222ea489f16ccc5af52e43a2bc739f1a4586230045d9440c8ee997a58a3fec9f08d70
 SHA512 (libreoffice-translations-5.4.2.1.tar.xz) = 31e11b2f5da20fa57dae6545a20ed40f5f3770b07c89e788d21bdd15174cdf43c1d7136dd10013c0730523f532871f9d3659a8ac2bf856786be7dea28b13dfc5
+SHA512 (libreoffice-5.4.2.1.tar.xz.asc) = 3908d92e4d172f0a040927925cfd40f789e15238f24ff383f16e1d5fa45e6918dfc5f340f2431be8584eeb4a2433f56118da2bca1e50a97f2321d2ea850417d3
+SHA512 (libreoffice-help-5.4.2.1.tar.xz.asc) = 277cb462b3e6a79f5d2cc001ea09eb90389050a0ef056aa9a42bb4a768d97c4da17def083f8ed0fed4ab953b420de2519d48eb9ba7f7f8b37882d4dda30e3658
+SHA512 (libreoffice-translations-5.4.2.1.tar.xz.asc) = 8c6be32fdd0c8cbb91ee39a73dd81bcb287b8634d71e85281cb3f7dc230a425ac544992ef2bc98310f35f427851c004a02ffdc4498b3991dec88bc8af7367a49