[Fedora-packaging] Re: Verifying sources against gpg signature during RPM build ?

Monday, 4 September 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 2017-09-04 at 11:29 +0100, Daniel P. Berrange wrote:
...
 A number of packages that I maintain have GPG signatures provided
 alongside
 the sources for new releases. Is there any best pratice approach /
 RPM macro
 magic for verifying the GPG signature of sources during build, or are
 packagers just (re)inventing the wheel each time ?   There is some draft[0]
available, but I can't find FPC ticket on it.
...

 Regards,
 Daniel
 -- 
 > : https://berrange.com      
 > -o-    https://www.flickr.com/photos/dberrange :|
 > : https://libvirt.org         
 > -o-            https://fstop138.berrange.com :|
 > : https://entangle-photo.org    
 > -o-    https://www.instagram.com/dberrange :|

[0] https://fedoraproject.org/wiki/PackagingDrafts:GPGSignatures
- -- 
- -Igor Gnatenko
...PGP SIGNATURE...
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEhLFO09aHZVqO+CM6aVcUvRu8X0wFAlmtNhAACgkQaVcUvRu8
X0zULg/+NFtXY54w+MEmkv8OHCyXvHnyMhJWKLYnNIncs7pwBuVWWS6ZbxfcbEXC
7r+lKlhRmMEDbnmW8P4lzSzfNh3njiq8MH23w6DT6m9bbh+UeSYoZ49lFoARM63X
ltNtcHd53h8+8CcX7I5WdlWY48wqwZZU/qYU7pE0ZvyPrt0l53IFGujjUw76bDdm
H0VyM1F4tVW0Tae+uIwtK1woQEN4uGigHBR3KYatEi/xdKnCEriWL2gS7IZrn3Ek
vddr7hXaNWuUid79SxsYvA6Q4gpEBLlRrCpeTVCJgTZhY9bIkghfid4p3ZA022sS
TZAVvwYGC94DOePTOvxERZLp1wNZzxQRXBGdxMryVwetZK+d+qHc+Bb+owx7fTVg
WBLTnp48G/KCLWiVyV817fq/S8Nn/jqucF3ool3k91DDD4McNFYGqigqflYe41jy
9hLP6Pzb7RCxR2Nk+pZrfe8Zwk6DRO3Y6sZuFQTBVgxyxinIaEQ+kXOreW6wXi7J
mgvJ0QD4X8+i5++yMFPBau5PQxdojJm/rzYLm9ePJsUdS/vg0tx2sLUh2YVwsbC9
rRlLN7ziegv7YCJK1uDi60QwOzRLgRWwKUVhj5MNKPlUMXaepOFj3nt66j+jBD/U
Be18rCG6vJAR4796Gziy8a+ueu2rN3F+QiIYvm9EtuWz/DZzwP0=
=Epz5
-----END PGP SIGNATURE----- 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[Fedora-packaging] Re: Verifying sources against gpg signature during RPM build ?