From 53152d1cfc68f43e0dbb57866515de546463c15e Mon Sep 17 00:00:00 2001 From: Andrew Toskin Date: Jan 10 2021 00:22:46 +0000 Subject: Bump to upstream version 4.2.0 - Use Sourceforge's downloads.* subdomain instead, let SF figure out the mirror/CDN redirection... - I'm adding my tweaked AppStream metainfo file until it gets merged upstream, in the next release. - And the upstream switched from detached signatures to GPG-signed checksums. --- diff --git a/.gitignore b/.gitignore index 83f09c6..71d1c02 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ *.log *.rpm *.sig +*sum.txt.asc *.tar.bz2 *.tar.gz *.tar.xz diff --git a/bleachbit.spec b/bleachbit.spec index 0cca8b2..1902206 100644 --- a/bleachbit.spec +++ b/bleachbit.spec @@ -1,16 +1,17 @@ Name: bleachbit Summary: Remove sensitive data and free up disk space URL: https://www.bleachbit.org/ -Version: 4.0.0 -Release: 3%{?dist} +Version: 4.2.0 +Release: 1%{?dist} License: GPLv3+ and MIT BuildArch: noarch # Development and bug reports mostly seem to happen BleachBit's GitHub project, but their documentation points to SourceForge for the GPG public key and signatures, so that's where we'll need to get the source tarballs -- https://docs.bleachbit.org/doc/install-on-linux.html#digital-signatures -#Source0: https://github.com/%%{name}/%%{name}/archive/v%%{version}/%%{name}-%%{version}.tar.gz -Source0: https://svwh.dl.sourceforge.net/project/bleachbit/bleachbit/%{version}/bleachbit-%{version}.tar.gz -Source1: https://svwh.dl.sourceforge.net/project/bleachbit/bleachbit/%{version}/detached_signatures/bleachbit-%{version}.tar.gz.sig -Source2: https://svwh.dl.sourceforge.net/project/bleachbit/public_key/andrew2019.key +Source0: https://downloads.sourceforge.net/project/bleachbit/bleachbit/%{version}/bleachbit-%{version}.tar.bz2 +Source1: https://downloads.sourceforge.net/project/bleachbit/bleachbit/%{version}/bleachbit-%{version}-sha256sum.txt.asc +Source2: https://downloads.sourceforge.net/project/bleachbit/public_key/andrew2019.key +# TODO: Remove this file when it merges on the next release -- +Source3: https://raw.githubusercontent.com/terrycloth/bleachbit/473f857716d9fa43c3978fc331840de2e9b4b51b/org.bleachbit.BleachBit.metainfo.xml BuildRequires: desktop-file-utils BuildRequires: gettext @@ -44,10 +45,17 @@ to make them run faster. %prep -%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' -%setup -q +# Can't verify the tarball all at once because upstream switched from detached signature file to a signed checksum... +# %%{gpgverify} --keyring='%%{SOURCE2}' --signature='%%{SOURCE1}' --data='%%{SOURCE0}' +gpg2 --import %{SOURCE2} +gpg2 --verify %{SOURCE1} +cd %{_sourcedir} +sha256sum --ignore-missing --check %{SOURCE1} + +%setup -q + # Disable update notifications, since package will be updated by DNF or Packagekit. sed 's/online_update_notification_enabled = True/online_update_notification_enabled = False/g' --in-place ./bleachbit/__init__.py @@ -74,7 +82,9 @@ find ./ -type f -iname '*.py' -exec sed --regexp-extended '1s|^#! ?/usr/bin/p %make_install --directory ./po/ PYTHON=%{__python3} prefix=%{_prefix} INSTALL="%{_bindir}/install -Dp" desktop-file-install --dir=%{buildroot}/%{_datadir}/applications/ org.bleachbit.BleachBit.desktop -install -Dp org.bleachbit.BleachBit.metainfo.xml %{buildroot}/%{_metainfodir}/ +# TODO: Go back to using the repo's original metainfo file when it merges on the next release. +#install -Dp org.bleachbit.BleachBit.metainfo.xml %%{buildroot}/%%{_metainfodir}/ +install -Dp %{SOURCE3} %{buildroot}/%{_metainfodir}/ # "BleachBit As Administrator" app launcher is broken, so we're not shipping any polkit files for now -- https://github.com/bleachbit/bleachbit/issues/950 rm %{buildroot}/%{_datadir}/polkit-1/actions/org.bleachbit.policy @@ -90,7 +100,10 @@ appstream-util validate-relax --nonet %{buildroot}/%{_metainfodir}/org.bleachbit %files -f %{name}.lang -%doc README* CONTRIBUTING.md +# TODO: Inconsistency about which doc files to include +# https://github.com/bleachbit/bleachbit/issues/1088 +#%%doc README* doc/CONTRIBUTING.md +%doc README* %license COPYING %{_bindir}/bleachbit %{_datadir}/bleachbit/ @@ -103,6 +116,10 @@ appstream-util validate-relax --nonet %{buildroot}/%{_metainfodir}/org.bleachbit %changelog +* Wed Jan 6 20:39:08 PST 2021 Andrew Toskin - 4.2.0-1 +- Bump to upstream version 4.2.0, which, among other things, adds new + cleaners and regular expression-based searches during deep scans. + * Mon Jul 27 2020 Fedora Release Engineering - 4.0.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/sources b/sources index da723ec..5c38df9 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ -SHA512 (bleachbit-4.0.0.tar.gz) = cc5acc1762945f8283e70cdd362695211200b339ed78fdb41dc266575a6e0eefd1de7c3cb3d815440cff24665c464086bb32c1fc4392217936ae8d789c024b74 -SHA512 (bleachbit-4.0.0.tar.gz.sig) = 82bb910e25c4bf5efc3a45e0a835d608cee3f6dc4d84153e0a58abbde5e3f3f984c25a51956e5a8fd219ccdaf3edd1dffc828c2048450fb421d1f2c42880d5c5 +SHA512 (bleachbit-4.2.0.tar.bz2) = 6d43da42c6a2a328c8fb766a3f00f4511e72a00836316c279c8dc3a24468abb4c2ce909b42c568ee0b8417c08827c7cb79ae197ae693b8d6ce60faf22422effb SHA512 (andrew2019.key) = f0f378be18baa3490a86fd5e27cc9535145592c46541c8cbf0ed2a8f1164ef172b2550372c20b31ea2299c5d5a5ebada60118173ef79a4b03621d644696ad362 +SHA512 (bleachbit-4.2.0-sha256sum.txt.asc) = 968bc7c4056e97cff6d76854165fd8315b0a05fbbd77bac9e35fae811c03d5242e2b4837852ac7cc05f14d06156c05df67328b5fd6cf4f0ffd5e4b3b13b14b02 +SHA512 (org.bleachbit.BleachBit.metainfo.xml) = 93d20933a614267696a2032985fc3a30a68c86a39348b5d247599b8ae7ba832053ab98859ae415ddd181893e5fb326558aaaae8bd9a009c0cc103df0a2e39969