From d9333f394c763ab8d9eadd7cc375566cfd36c014 Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Tue, 22 Mar 2016 11:52:41 +0000
Subject: [PATCH] Use GPGv2 for tarball check

---
 .gitignore       |  1 +
 openconnect.spec | 15 ++++++++-------
 sources          |  2 +-
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/.gitignore b/.gitignore
index 54774f9..a780504 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,4 @@ openconnect-2.25.tar.gz
 /openconnect-7.06.tar.gz
 /openconnect-7.06.tar.gz.asc
 /pubring.gpg
+/gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg
diff --git a/openconnect.spec b/openconnect.spec
index 5cba29c..79fed49 100644
--- a/openconnect.spec
+++ b/openconnect.spec
@@ -21,7 +21,7 @@
 
 Name:		openconnect
 Version:	7.06
-Release:	6%{?relsuffix}%{?dist}
+Release:	7%{?relsuffix}%{?dist}
 Summary:	Open client for Cisco AnyConnect VPN
 
 Group:		Applications/Internet
@@ -31,14 +31,15 @@ Source0:	ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf
 %if 0%{?gitcount} == 0
 Source1:	ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz.asc
 %endif
-Source2:	pubring.gpg
+Source2:	gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg
+
 Patch1:		openconnect-7.05-override-default-prio-string.patch
 Patch2:		openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch
 Patch3:         fix-ipv6-only.patch
 
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-BuildRequires:	pkgconfig(openssl) pkgconfig(libxml-2.0) gnupg
+BuildRequires:	pkgconfig(openssl) pkgconfig(libxml-2.0) gnupg2
 BuildRequires:	autoconf automake libtool python gettext pkgconfig(liblz4)
 %if 0%{?fedora} || 0%{?rhel} >= 7
 Obsoletes:	openconnect-lib-compat%{?_isa} < %{version}-%{release}
@@ -77,10 +78,7 @@ for NetworkManager etc.
 
 %prep
 %if 0%{?gitcount} == 0
-gpg --homedir . --no-permission-warning \
-    --no-default-keyring --keyring %{SOURCE2} \
-    --trusted-key 63762CDA67E2F359 \
-    --verify %{SOURCE1}
+gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 %endif
 
 %setup -q -n openconnect-%{version}%{?gitsuffix}
@@ -128,6 +126,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/openconnect.pc
 
 %changelog
+* Tue Mar 22 2016 David Woodhouse <David.Woodhouse@intel.com> - 7.06-7
+- Switch to using GPGv2 for signature check
+
 * Mon Mar 21 2016 David Woodhouse <David.Woodhouse@intel.com> - 7.06-6
 - Check GPG signature as part of build
 
diff --git a/sources b/sources
index 00e8596..fd37447 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 80f397911e1fed43d897d99be3d5f1a1  openconnect-7.06.tar.gz
 ef7bb028ca55bb5e0794134ceb277efc  openconnect-7.06.tar.gz.asc
-2b85959af07ca0e8466853443fd7d766  pubring.gpg
+2b85959af07ca0e8466853443fd7d766  gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg