On Mon, Jul 08, 2013 at 11:15:05PM +0200, Till Maas wrote: > Hi, > > upstream of pam_mount pointed me to OpenSUSE's gpg-offline RPM macros at > https://build.opensuse.org/package/show/Base:System/gpg-offline > > They allow to use a keyring and detached signature as additional source > in SPECs to get both verified. Since gpg-offline's upstream is willing > to create a proper release to allow easy packaging for Fedora, I wonder > if I will find any obstacles when I package it. The packaging guidelines > allow packaging RPM macros, therefore this should be fine. > > Also I am interested whether there are better options available.
In parted we have a signed upstream package and a detached signature. In the pkg git we have the signer's public key and in %prep it runs gpg. Source0: ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz Source1: ftp://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz.sig Source2: pubkey.jim.meyering gpg --import %{SOURCE2} gpg --verify %{SOURCE1} %{SOURCE0} What does gpg-offline add to this? -- Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
pgpAJaxU21GjG.pgp
Description: PGP signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
