This at least allows us to make sure that all tarballs are signed with the same GPG key, and that the tarball was not corrupted between the time it was uploaded upstream, and the time the RPM is built.

danpb-BE86EBB415104FDF.gpg is generated with:

    gpg2 -v --armor --export 15104FDF | gpg2 --no-default-keyring --keyring ./danpb-BE86EBB415104FDF.gpg --import

We cannot unconditionally enable gpg signature checks as when building from tarballs with rpmbuild -ta (for example), the needed keyring file will not be available, so this commit checks that BE86EBB415104FDF.gpg exists before attempting to do the check.
---
 libvirt-glib.spec.in | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

Hey, here is my attempt at addressing the issue raised with v1 (rpmbuild -ta being broken by the change). I cannot rely on the usual test on %{fedora} and %{rhel} as they are set when running rpmbuild on a fedora. Instead I added a test for the existence of the keyring file. Maybe there are better ways of writing this file existence check.

Christophe

diff --git a/libvirt-glib.spec.in b/libvirt-glib.spec.in index 32ce4f0..02a27d5 100644 --- a/libvirt-glib.spec.in +++ b/libvirt-glib.spec.in @@ -1,5 +1,12 @@ # -*- rpm-spec -*- +# We cannot unconditionally enable gpg signature checks as when +# building from tarballs with rpmbuild -ta (for example), the needed +# keyring file will no be available +%define gpg_keyring danpb-BE86EBB415104FDF.gpg +%define has_gpg_keyring %(if [ -f %{gpg_keyring} ]; then echo 1; else echo 0; fi) +%define with_gpg_check %{has_gpg_keyring} + %define with_introspection 0 %define with_python 0 %define with_vala 0 
@@ -28,6 +35,10 @@ Group: Development/Libraries License: LGPLv2+ URL: http://libvirt.org/ Source0: ftp://libvirt.org/libvirt/glib/%{name}-%{version}.tar.gz +%if %{with_gpg_check} +Source1: ftp://libvirt.org/libvirt/glib/%{name}-%{version}.tar.gz.asc +Source2: %{gpg_keyring} +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: glib2-devel >= @GLIB2_REQUIRED@ @@ -45,6 +56,9 @@ BuildRequires: libtool %if %{with_vala} BuildRequires: vala-tools %endif +%if %{with_gpg_check} +BuildRequires: gnupg2 +%endif %package devel Group: Development/Libraries @@ -109,6 +123,9 @@ libvirt and the glib event loop %endif %prep +%if %{with_gpg_check} +gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} +%endif %setup -q %build -- 2.5.5
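
Review bot: in the first hunk, the has_gpg_keyring definition tests "[ -f %{gpg_keyring} ]" with a bare file name, so the shell resolves it against whatever directory rpmbuild is started from rather than the sources directory. A build started from anywhere else evaluates to 0 and skips verification without any message. Test %{_sourcedir}/%{gpg_keyring} instead, and print a warning on the 0 branch so a skipped check is visible in the build log. The new comment also carries a typo: "will no be available" should read "will not be available".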
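
Review bot: in the %prep hunk, nothing near the gpgv2 line records which key the keyring is expected to contain or how the file was produced; that information exists only in the commit message. Add a spec comment, here or above Source2, giving the export command and the key's full fingerprint, so that a later replacement of the keyring file can be reviewed against it. The commit message exports by the 8-character ID 15104FDF while the file name carries BE86EBB415104FDF; documenting the longer ID or the full fingerprint in that comment is less ambiguous.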