On 04/14/2016 05:12 AM, Christophe Fergeau wrote: > This at least allows to make sure that all tarballs are signed with the > same GPG key, and that the tarball was not corrupted between the time it > was uploaded upstream, and the time the RPM is built. > > danpb-BE86EBB415104FDF.gpg is generated with: > gpg2 -v --armor --export 15104FDF | gpg2 --no-default-keyring --keyring ./danpb-BE86EBB415104FDF.gpg --import That file wasn't committed though, was it meant to be? > --- > libvirt-glib.spec.in | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libvirt-glib.spec.in b/libvirt-glib.spec.in > index 32ce4f0..3616a6e 100644 > --- a/libvirt-glib.spec.in > +++ b/libvirt-glib.spec.in > @@ -28,6 +28,8 @@ Group: Development/Libraries > License: LGPLv2+ > URL: http://libvirt.org/ > Source0: ftp://libvirt.org/libvirt/glib/%{name}-%{version}.tar.gz > +Source1: ftp://libvirt.org/libvirt/glib/%{name}-%{version}.tar.gz.asc > +Source2: danpb-BE86EBB415104FDF.gpg > BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) > > BuildRequires: glib2-devel >= @GLIB2_REQUIRED@ > @@ -45,6 +47,7 @@ BuildRequires: libtool > %if %{with_vala} > BuildRequires: vala-tools > %endif > +BuildRequires: gnupg2 > > %package devel > Group: Development/Libraries > @@ -109,6 +112,7 @@ libvirt and the glib event loop > %endif > > %prep > +gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} > %setup -q > > %build > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list