From ca61de3f775b3de44244f803120653a8513e2e03 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Mon, 21 Mar 2016 10:04:08 +0000
Subject: [PATCH] Check GPG signatures during build
---
 .gitignore | 2 ++
 openconnect.spec | 16 +++++++++++++++-
 sources | 3 ++-
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 7e6f30e..54774f9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,5 @@ openconnect-2.25.tar.gz
 /openconnect-7.04.tar.gz
 /openconnect-7.05.tar.gz
 /openconnect-7.06.tar.gz
+/openconnect-7.06.tar.gz.asc
+/pubring.gpg
diff --git a/openconnect.spec b/openconnect.spec
index e62e1ee..be8145a 100644
--- a/openconnect.spec
+++ b/openconnect.spec
@@ -28,13 +28,17 @@ Group: Applications/Internet
 License: LGPLv2+
 URL: http://www.infradead.org/openconnect.html
 Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz
+%if 0%{?gitcount} == 0
+Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz.asc
+%endif
+Source2: pubring.gpg
 Patch1: openconnect-7.05-override-default-prio-string.patch
 Patch2: openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch
 Patch3: fix-ipv6-only.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0)
+BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) gnupg
 BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4)
 %if 0%{?fedora} || 0%{?rhel} >= 7
 Obsoletes: openconnect-lib-compat%{?_isa} < %{version}-%{release}
@@ -72,6 +76,13 @@ the OpenConnect VPN client, to be used by GUI authentication dialogs
 for NetworkManager etc.
 %prep
+%if 0%{?gitcount} == 0
+gpg --homedir . --no-permission-warning \
+ --no-default-keyring --keyring %{SOURCE2} \
+ --trusted-key 63762CDA67E2F359 \
+ --verify %{SOURCE1}
+%endif
+
 %setup -q -n openconnect-%{version}%{?gitsuffix}
 %patch1 -p1 -b .prio
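Review bot: `Source2: pubring.gpg` in the first openconnect.spec hunk becomes the trust anchor for the build-time check, yet nothing in the spec records which key it contains or how it was obtained. Source0 and Source1 are both fetched over `ftp://`, so the keyring is the one input that does not come from the download path being checked. Its provenance should be written next to the tag, for example `# pubring.gpg: upstream release signing key, full fingerprint <FULL-FINGERPRINT>, exported with gpg --export` (placeholder for the packager to fill in). A reviewer can then compare the stored keyring with an independently published fingerprint instead of trusting an opaque binary file.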
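Review bot: The `--verify %{SOURCE1}` call in the %prep hunk names only the signature file, so gpg has to infer the signed data by stripping the `.asc` suffix; if that file were a complete (inline) signature rather than a detached one, gpg would verify the embedded data and never read the tarball. The GnuPG manual discourages the one-argument form for detached signatures, and naming the data file removes the ambiguity: `--verify %{SOURCE1} %{SOURCE0}`. Separately, `--trusted-key 63762CDA67E2F359` pins a 64-bit key ID and, as far as I can tell, only silences the trust warning, so the keys present in `%{SOURCE2}` are what actually decide whether the check passes. The check is skipped whenever `gitcount` is non-zero, which looks deliberate for snapshot builds but deserves a one-line comment such as `# snapshots are unsigned; only released tarballs are verified`.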
@@ -117,6 +128,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/openconnect.pc
 %changelog
+* Mon Mar 21 2016 David Woodhouse - 7.06-4
+- Check GPG signature as part of build
+
 * Tue Feb 02 2016 Dennis Gilmore - 7.06-4
 - add upstream patch to fix ipv6 only setups
diff --git a/sources b/sources
index 21c4f15..246342b 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-80f397911e1fed43d897d99be3d5f1a1 openconnect-7.06.tar.gz
+ef7bb028ca55bb5e0794134ceb277efc openconnect-7.06.tar.gz.asc
+2b85959af07ca0e8466853443fd7d766 pubring.gpg
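Review bot: The `sources` hunk deletes the `openconnect-7.06.tar.gz` entry and adds only the `.asc` and `pubring.gpg` entries, so after this commit the file no longer lists the tarball that `Source0` in openconnect.spec still refers to. Unless the tarball is supplied some other way, the build has no pinned copy of it and the new signature check has nothing to verify; the removed line `80f397911e1fed43d897d99be3d5f1a1 openconnect-7.06.tar.gz` should stay alongside the two new ones. Also, `pubring.gpg`, the trust anchor for the check, is pinned here only by a 32-hex-digit (MD5-length) digest, so a stronger hash for that entry is worth using if the sources format allows it.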