rpms / epel-rpm-macros

Clone
Source Code
GIT

#41 EPEL 8: Remove %gpgverify and /usr/lib/rpm/gpgverify, it is available in RHEL 8.4+
Merged 2 years ago by kevin. Opened 2 years ago by churchyard.
rpms/ churchyard/epel-rpm-macros epel8-remove-rhel8.4-native  into  epel8

file modified
+4 -6 
@@ -1,6 +1,6 @@ 
 

  Name:           epel-rpm-macros
 

  Version:        8
 

- Release:        27
 

+ Release:        28
 

  Summary:        Extra Packages for Enterprise Linux RPM macros
 

  

  Group:          System Environment/Base
 
@@ -12,7 +12,6 @@ 
 

  URL:            http://download.fedoraproject.org/pub/epel
 

  Source0:        macros.epel-rpm-macros
 

  Source1:        macros.zzz-epel-override
 

- Source2:        gpgverify
 

  Source3:        pythondist.attr
 

  Source9:        GPL
 

  
@@ -68,9 +67,6 @@ 
 

  install -Dpm 644 %{SOURCE1} \
 

      %{buildroot}%{_sysconfdir}/rpm/macros.zzz-epel-override
 

  

- install -Dpm 755 %{SOURCE2} \
 

-     %{buildroot}%{_rpmconfigdir}/gpgverify
 

- 

  install -Dpm 644 %{SOURCE3} \
 

      %{buildroot}%{_fileattrsdir}/pythondist.attr
 

  
@@ -93,7 +89,6 @@ 
 

  %license GPL
 

  %{_rpmmacrodir}/macros.epel-rpm-macros
 

  %{_sysconfdir}/rpm/macros.zzz-epel-override
 

- %{_rpmconfigdir}/gpgverify
 

  %{_fileattrsdir}/pythondist.attr
 

  

  # misc macros
 
@@ -108,6 +103,9 @@ 
 

  

  

  %changelog
 

+ * Tue Mar 15 2022 Miro Hrončok <mhroncok@redhat.com> - 8-28
 

+ - Remove %%gpgverify and /usr/lib/rpm/gpgverify, it is available in RHEL 8.4+
 

+ 

  * Wed Jan 19 2022 Pablo Greco <pgreco@centosproject.org> - 8-27
 

  - Backport systemd sysusers macros from Fedora

file removed
-116 
@@ -1,116 +0,0 @@ 
 

- #!/bin/bash
 

- 

- # Copyright 2018 B. Persson, Bjorn@Rombobeorn.se
 

- #
 

- # This program is free software; you can redistribute it and/or modify
 

- # it under the terms of the GNU General Public License as published by
 

- # the Free Software Foundation; either version 2 of the License, or
 

- # (at your option) any later version.
 

- #
 

- # This program is distributed in the hope that it will be useful,
 

- # but WITHOUT ANY WARRANTY; without even the implied warranty of
 

- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 

- # GNU General Public License for more details.
 

- #
 

- # You should have received a copy of the GNU General Public License along
 

- # with this program; if not, write to the Free Software Foundation, Inc.,
 

- # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 

- 

- 

- function print_help {
 

-     cat <<'EOF'
 

- Usage: gpgverify --keyring=<pathname> --signature=<pathname> --data=<pathname>
 

- 

- gpgverify is a wrapper around gpgv designed for easy and safe scripting. It
 

- verifies a file against a detached OpenPGP signature and a keyring. The keyring
 

- shall contain all the keys that are trusted to certify the authenticity of the
 

- file, and must not contain any untrusted keys.
 

- 

- The differences, compared to invoking gpgv directly, are that gpgverify accepts
 

- the keyring in either ASCII-armored or unarmored form, and that it will not
 

- accidentally use a default keyring in addition to the specified one.
 

- 

- Parameters:
 

-   --keyring=<pathname>    keyring with all the trusted keys and no others
 

-   --signature=<pathname>  detached signature to verify
 

-   --data=<pathname>       file to verify against the signature
 

- EOF
 

- }
 

- 

- 

- fatal_error() {
 

-     message="$1"  # an error message
 

-     status=$2     # a number to use as the exit code
 

-     echo "gpgverify: $message" >&2
 

-     exit $status
 

- }
 

- 

- 

- require_parameter() {
 

-     term="$1"   # a term for a required parameter
 

-     value="$2"  # Complain and terminate if this value is empty.
 

-     if test -z "${value}" ; then
 

-         fatal_error "No ${term} was provided." 2
 

-     fi
 

- }
 

- 

- 

- check_status() {
 

-     action="$1"  # a string that describes the action that was attempted
 

-     status=$2    # the exit code of the command
 

-     if test $status -ne 0 ; then
 

-         fatal_error "$action failed." $status
 

-     fi
 

- }
 

- 

- 

- # Parse the command line.
 

- keyring=
 

- signature=
 

- data=
 

- for parameter in "$@" ; do
 

-     case "${parameter}" in
 

-         (--help)
 

-             print_help
 

-             exit
 

-             ;;
 

-         (--keyring=*)
 

-             keyring="${parameter#*=}"
 

-             ;;
 

-         (--signature=*)
 

-             signature="${parameter#*=}"
 

-             ;;
 

-         (--data=*)
 

-             data="${parameter#*=}"
 

-             ;;
 

-         (*)
 

-             fatal_error "Unknown parameter: \"${parameter}\"" 2
 

-             ;;
 

-     esac
 

- done
 

- require_parameter 'keyring' "${keyring}"
 

- require_parameter 'signature' "${signature}"
 

- require_parameter 'data file' "${data}"
 

- 

- # Make a temporary working directory.
 

- workdir="$(mktemp --directory)"
 

- check_status 'Making a temporary directory' $?
 

- workring="${workdir}/keyring.gpg"
 

- 

- # Decode any ASCII armor on the keyring. This is harmless if the keyring isn't
 

- # ASCII-armored.
 

- gpg2 --homedir="${workdir}" --yes --output="${workring}" --dearmor "${keyring}"
 

- check_status 'Decoding the keyring' $?
 

- 

- # Verify the signature using the decoded keyring.
 

- gpgv2 --homedir="${workdir}" --keyring="${workring}" "${signature}" "${data}"
 

- check_status 'Signature verification' $?
 

- 

- # (--homedir isn't actually necessary. --dearmor processes only the input file,
 

- # and if --keyring is used and contains a slash, then gpgv2 uses only that
 

- # keyring. Thus neither command will look for a default keyring, but --homedir
 

- # makes extra double sure that no default keyring will be touched in case
 

- # another version of GPG works differently.)
 

- 

- # Clean up. (This is not done in case of an error that may need inspection.)
 

- rm --recursive --force ${workdir}

file modified
-18 
@@ -138,24 +138,6 @@ 
 

  %python_wheel_pkg_prefix python%{?rhel:%{!?eln:%{python3_pkgversion}}}
 

  %python_wheel_dir %{_datadir}/%{python_wheel_pkg_prefix}-wheels
 

  

- # gpgverify verifies signed sources. There is documentation in the script.
 

- %gpgverify(k:s:d:) %{lua:
 

- local script = rpm.expand("%{_rpmconfigdir}/gpgverify ")
 

- local keyring = rpm.expand("%{-k*}")
 

- local signature = rpm.expand("%{-s*}")
 

- local data = rpm.expand("%{-d*}")
 

- print(script)
 

- if keyring ~= "" then
 

-   print(rpm.expand("--keyring='%{SOURCE" .. keyring ..  "}' "))
 

- end
 

- if signature ~= "" then
 

-   print(rpm.expand("--signature='%{SOURCE" .. signature ..  "}' "))
 

- end
 

- if data ~= "" then
 

-   print(rpm.expand("--data='%{SOURCE" .. data ..  "}' "))
 

- end
 

- }
 

- 

  # qt5 macro removed from RHEL8 but needed to ensure qtwebengine, and 

  #  it's dependencies build on supported arches.
 

  %qt5_qtwebengine_arches %{ix86} x86_64 %{arm} aarch64 mips mipsel mips64el

The RHEL's macro is identical, except it uses /usr/lib/rpm/redhat/gpgverify.

Added in https://bugzilla.redhat.com/1874576

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci

Ok to merge this?

Yep. Should I do a build also? or just wait for more changes?

Pull-Request has been merged by kevin
2 years ago

I don't plan more changes. Please build and create the update. Thanks.

Thanks, @kevin.
Metadata
None
No Tags
Changes Summary 3
+4 -6
file changed
epel-rpm-macros.spec
-116
file removed
gpgverify
+0 -18
file changed
macros.epel-rpm-macros
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.