Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:Update
suse-build-key
suse-build-key.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File suse-build-key.spec of Package suse-build-key
# # spec file for package suse-build-key # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # needspubkeyforbuild %bcond_with build_key_include_prjkey Name: suse-build-key BuildRequires: gpg Url: https://www.suse.com/support/security/keys/ Provides: build-key Requires: gpg AutoReqProv: off Summary: The public gpg key for rpm package signature verification License: GPL-2.0+ Group: System/Packages Version: 12.0 Release: 0 #pub rsa4096/0xF74F09BC3FA1D6CE 2023-01-19 [SC] [expires: 2027-01-18] # Key fingerprint = 7F00 9157 B127 B994 D5CF BE76 F74F 09BC 3FA1 D6CE #uid SUSE Package Signing Key <build@suse.de> # The new 4096bit RSA signing key for SLE. Source5: gpg-pubkey-3fa1d6ce-63c9481c.asc # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de> # The main package signing key. Source0: gpg-pubkey-39db7c82-66c5d91a.asc # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de> # Fallback key if main key gets lost. Source1: gpg-pubkey-50a3dd1c-50f35137.asc # pub rsa4096/0xA1BFC02BD588DC46 2023-01-19 [SC] [expires: 2033-01-16] # Key fingerprint = B56E 5601 41D8 F654 2DFF 3BF9 A1BF C02B D588 DC46 # uid SUSE Package Signing Key (reserve key) <build@suse.de> # Fallback key if main key gets lost. Source10: gpg-pubkey-d588dc46-63c939db.asc # pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de> # SLES 11 key. Source2: suse-sle11-key.asc #pub rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09] # Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3 # container key used by Container TUF style signing. Source3: build-container-d4ade9c3-5a2e9669.asc Source4: build-container-d4ade9c3-5a2e9669.pem #pub rsa4096/0x100CEB438FD6C337 2023-01-19 [SC] [expires: 2027-01-18] # Key fingerprint = 2BFA 4649 1A1C FFA8 31EF C4B6 100C EB43 8FD6 C337 #uid SUSE Linux Container Signing Key <build-container@suse.de> # container signingkey for registry.suse.com, 4096 bit RSA / 2023 variant. Source6: build-container-8fd6c337-63c94b45.asc Source7: build-container-8fd6c337-63c94b45.pem #pub rsa4096/0x1D441A8CC0ACC782 2023-01-19 [SC] [expires: 2027-01-18] # Key fingerprint = BDA8 1B26 D46C 7B46 129F 391D 1D44 1A8C C0AC C782 #uid SUSE PTF Container Signing Key <support-container@suse.com> # 4096 bit PTF containersigning key. Source8: suse_ptf_containerkey_2023.pem Source9: suse_ptf_containerkey_2023.asc # New ALP Keys #pub rsa4096/0xFEC28EAF09D9EA69 2023-05-10 [SC] [expires: 2027-05-09] # Key fingerprint = 1C59 D66F CD52 563A 1693 3DBC FEC2 8EAF 09D9 EA69 #uid ALP Package Signing Key <build-alp@suse.de> Source11: gpg-pubkey-09d9ea69-645b99ce.asc # reserve key #pub rsa4096/0xC7B81E4373F03759 2022-04-29 [SC] [expires: 2032-04-26] # Key fingerprint = 5056 7568 F292 0FF1 65B2 5FB2 C7B8 1E43 73F0 3759 #uid ALP Package Signing Key (reserve key) <build-alp@suse.de> Source12: gpg-pubkey-73f03759-626bd414.asc #pub rsa2048/0x9F2528FDB76EB97A 2018-04-24 [SC] [expires: 2026-02-24] # Key fingerprint = 9109 9832 523C C4EF 9741 F3A5 9F25 28FD B76E B97A #uid SUSE PTF Container Signing Key <support-container@suse.com> Source96: suse_ptf_containerkey.asc # pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com> # SUSE supplied PTF (program temporary fixes) are signed by this key. # supplied to be not imported by default Source97: suse_ptf_key_old.asc #pub rsa2048/0x46DFA05C6F5DA62B 2022-02-25 [SC] [expires: 2026-02-24] # Key fingerprint = 1604 494D 38DA 2FA7 AA26 97AE 46DF A05C 6F5D A62B #uid SUSE PTF Signing Key <support@suse.com> Source98: suse_ptf_key.asc #pub rsa4096/0x09461C70AF5425F7 2023-01-19 [SC] [expires: 2027-01-18] # Key fingerprint = 6D6C 8072 BF35 2152 3062 D823 0946 1C70 AF54 25F7 #uid SUSE PTF Signing Key <support@suse.com> # new 4096bit RSA PTF signing key Source95: suse_ptf_key_2023.asc #pub rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2024-02-24] # Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922 #uid SUSE Security Team <security@suse.de> #uid SUSE Security Team <security@suse.com> #sub rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2024-02-24] Source99: security_at_suse_de.asc Source100: dumpsigs Source101: import-suse-build-key Source102: suse-build-key-import.service Source103: suse-build-key-import.timer Source1000: key2rpmname BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %define keydir %{_prefix}/lib/rpm/gnupg/keys %define containerkeydir %{_prefix}/share/container-keys/ %define pemcontainerkeydir %{_prefix}/share/pki/containers/ PreReq: sh-utils gpg fileutils mktemp BuildRequires: systemd-rpm-macros # obsoletes old SLE11 build key, as it is 1024 bit only Obsoletes: gpg-pubkey-b37b98a9 # fixme: next release obsolete old PTF key. %description This package contains the gpg keys that are used to sign the SUSE rpm packages. The keys installed here are not actually used by directly, but need to be imported to the RPM database first. rpm/zypper use only the keys in the RPM database. The package also contains the Container signing keys in GPG and in X.509 PEM format for use by Docker Notary and Sigstore/Cosign. %prep %setup -qcT %build cp %SOURCE2 . cp %SOURCE8 . cp %SOURCE9 . cp %SOURCE95 . cp %SOURCE96 . cp %SOURCE97 . cp %SOURCE98 . cp %SOURCE99 . %install rm -rf $RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{keydir} %if %{with build_key_include_prjkey} if [ -e "%_sourcedir/_pubkey" ]; then name="$(bash %{SOURCE1000} %_sourcedir/_pubkey).asc" if [ ! -e "%_sourcedir/$name" ]; then install -D -m 644 %_sourcedir/_pubkey %{buildroot}%keydir/"$name" fi fi %endif for i in %sources; do case "$i" in */gpg-pubkey-*.asc|*/*ptf_key.asc|*/*ptf_key_2023.asc) install -m 644 "$i" $RPM_BUILD_ROOT%{keydir} ;; esac done install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/ install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-old.asc install -c -m 644 %{SOURCE6} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc # keep it there too for compat install -c -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-old.pem install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.pem install -d -m 755 $RPM_BUILD_ROOT%{pemcontainerkeydir}/ install -c -m 644 %{SOURCE4} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-old.pem install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem # not working well, as some customers have no-exec /var # # install -d -m 755 %{buildroot}/var/adm/update-scripts/ # install -m 755 %{SOURCE101} $RPM_BUILD_ROOT/var/adm/update-scripts/%{name}-%{version}-%{release}-import-suse-build-key.sh mkdir -p $RPM_BUILD_ROOT/usr/bin/ mkdir -p $RPM_BUILD_ROOT/var/lib/suse-build-key install -m 755 %{SOURCE101} $RPM_BUILD_ROOT/usr/bin/import-suse-build-key mkdir -p $RPM_BUILD_ROOT/%_unitdir install -m 644 %{SOURCE102} $RPM_BUILD_ROOT/%_unitdir install -m 644 %{SOURCE103} $RPM_BUILD_ROOT/%_unitdir %post touch /var/lib/%{name}/imported %service_add_post suse-build-key-import.service suse-build-key-import.timer test -x /usr/bin/systemctl && systemctl enable suse-build-key-import.timer && systemctl start suse-build-key-import.timer || true %pre %service_add_pre suse-build-key-import.service suse-build-key-import.timer %preun %service_del_preun suse-build-key-import.service suse-build-key-import.timer %postun %service_del_postun suse-build-key-import.service suse-build-key-import.timer %files %defattr(644,root,root) %doc security_at_suse_de.asc suse_ptf_key.asc suse_ptf_containerkey.asc suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem suse-sle11-key.asc suse_ptf_key_old.asc %attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg %attr(755,root,root) %dir %{keydir} %attr(755,root,root) %dir %{containerkeydir} %attr(755,root,root) %dir /usr/share/pki/ %attr(755,root,root) %dir %{pemcontainerkeydir} %attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs %{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc %{keydir}/gpg-pubkey-39db7c82-66c5d91a.asc %{keydir}/gpg-pubkey-3fa1d6ce-63c9481c.asc %{keydir}/gpg-pubkey-d588dc46-63c939db.asc %{keydir}/gpg-pubkey-09d9ea69-645b99ce.asc %{keydir}/gpg-pubkey-73f03759-626bd414.asc %{keydir}/suse_ptf_key.asc %{keydir}/suse_ptf_key_2023.asc %{containerkeydir}/suse-container-key.asc %{containerkeydir}/suse-container-key.pem %{containerkeydir}/suse-container-key-old.asc %{containerkeydir}/suse-container-key-old.pem %{pemcontainerkeydir}/suse-container-key.pem %{pemcontainerkeydir}/suse-container-key-old.pem # /var/adm/update-scripts/%{name}-%{version}-%{release}-import-suse-build-key.sh %attr(755,root,root) %_bindir/import-suse-build-key %dir /var/lib/%{name} %ghost /var/lib/%{name}/imported %_unitdir/suse-build-key-import.service %_unitdir/suse-build-key-import.timer %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
