rpms / munin

Clone
Source Code
GIT

#3 Upgrade to 2.0.66 and verify upstream signature
Merged 3 years ago by kimheino. Opened 3 years ago by tmz.
rpms/ tmz/munin rawhide  into  rawhide

file modified
+1 -1 
@@ -1,4 +1,4 @@ 
 

- munin-*.tar.gz
 

+ munin-*.tar.gz*
 

  *.src.rpm
 

  .build-*.log
 

  munin-2*/

file added
+77 
@@ -0,0 +1,77 @@ 
 

+ -----BEGIN PGP PUBLIC KEY BLOCK-----
 

+ 

+ mQINBE9Z0UYBEAChD/KVfJFENj65GLjiVEnrLwPqN6wF2EPsu3hnacKmXBJIUVOh
 

+ ER6XC9hFmR2ZIXd8vkaHIIJ/3QmeUQsJWtd4JjHKV7vpTwStFbxtsexU0HVGpO10
 

+ jKJjfrjM9f+xkFW2xOpk/S16nLKq9kFDjVUOswq5qWuksIE22EBjQPyDROo/fhCJ
 

+ uZbAPJz5RuHuuOrFAzqcDq5pI1WdY6MRDklKr6TZl6tp8d1mO5HBz37uMzTTBoyV
 

+ 4b7JajeyjLAL+lMW/isxBG3dAbsKkEDeEsv2J+GKiHKQeRE01g4lRVXzVJQ6AENG
 

+ hREqcUMTKNXkBcrT4QTO/u3305U54Mv0P7HUdIno/lT1o4sM18jmlHbseU/fPfbZ
 

+ Pf7rxvxnzckmtBtwoBLIBGOmqE5qHGnAc/B35Iay4BFDSVVGwxrFfx2Bu7LYnuAk
 

+ /biGlRWitCPC6cRbaRQ8zSO1RBaJ9qqz2+jWJbUpSP1pP8QxSOkOUhlGiC0EwBB+
 

+ cuOzmhEev5nQOfleN2uYAUmM83jqjcQUuhuY1SPkIbEg88ZNp3eaRG5DyytHSoKl
 

+ Ja3vtNQ1pqLEDeil/+7FBzT3unBnvJGImLHzPI+DwPXtYwjJ7j832H9XA282mL/v
 

+ Ec1xUq/bSBreOWe2IzofV7PHO1BjAZoo1JdCTP/yC1LwrFIWWPrDz2d2OQARAQAB
 

+ tCZTdGV2ZSBTY2huZXBwIDxzdGV2ZS5zY2huZXBwQHB3a2Yub3JnPokCQAQTAQIA
 

+ KgIbAwUJEswDAAIeAQIXgAIZAQUCUgOeeAULCQgHAwUVCgkICwUWAgMBAAAKCRAK
 

+ JMBZmLpBM8DjD/993ks8Tm51fXX6Qj+5RPWlAou46XnCs3u5DbcRvZ9MH+CEFwTm
 

+ 20vdjJlmFeeecJJUvyQza0SHAZAva+uzlG+oKz/J6eae8wJjRc9oLAaMaXuxRn17
 

+ Fv6lSVisFeedx+UdHXuG9hZF+oUkkS+nhCGp+cU0Zp4IR0EnWqLY4gJVY/gB7aih
 

+ LH5KN6Im5lIHjemVaQ6398x3H2Umz6ij2fw2VdGtXUDiA3nQFi7PwBbswAhbTGgL
 

+ L/ELy2Pgpsxkus8sc1DtPqLSsajt+n6wSMuCM7ZYHiUvDLU6KbZUcvAD3pikJDdS
 

+ bdLsATtkYHErDw9hOIN3xInwbgPEL2wajfKh6K2XlnnH7M3QIUrDgcoZ/E4dswId
 

+ s+Maz4wcm5TpQGFx9lj1Q7kBbGK+/Dfg4qEBCTqHy+vH4QFLCxWGVYe8jsmM4WkZ
 

+ hcxdSzfDq3IchC3aUOUAg6KZ5xQSaQ3uDttajdBPMgEewhqRZKfAlupopXbGO4LR
 

+ FCwvQYrbBMoauHcwu7WSyY7xFPd4eOPoyagq4Nqexsrfvv10UBfar8GRM6MrdnQ5
 

+ D1EcKA3jIFcG7O85bE6t/7ppItALJg3XkZnVnGjDDrgku3vcTClmxR2tXAK6zYpT
 

+ V8hZw0Ms+/CoqcRVhmXbpCiNX+SZphvs7b8HQ0GQMTF46nV2hTo/RRP4YLQnU3Rl
 

+ dmUgU2NobmVwcCA8c3RldmUuc2NobmVwcEBnbWFpbC5jb20+iQI9BBMBAgAnAhsD
 

+ BQkSzAMAAh4BAheABQJSA557BQsJCAcDBRUKCQgLBRYCAwEAAAoJEAokwFmYukEz
 

+ vvIQAJRmoZoichU2j7Pql0+QfkyiIIYKeoj132G+6eA/F3nBxwAfDCjnhx7NpTP+
 

+ dy3A+gEc7luK1Wevo1x/HUokMla/gSRqQvanLQF88iLJFjYcyUqYs15vKajS3xgW
 

+ LfkCuv+jplIT+OgtPpNa0I1qFuob/GwRbG6O97B/Udicg/DVAjVCfRsyX/RUhdg6
 

+ DyfjCFiUUC3uQbIjk1zbsm+UrDkid4y+hlVa/OfKQWc1VwNj1A2UMsotAScUKKJ9
 

+ aWBvh+g2p/9tAjPog8xAfAtyBpTkM9mC8jMklHD1xSk9TKXeg1gN7fnL7jLE4dyP
 

+ tF07+QisgGgxYhtQqNVmb7OmwbUqA2kW/SBYGEH187S8iFIErYv2dwZJGTshgivI
 

+ axDDBM4KS4Lk+eg7QwoAq/G/MHrr+hlm1kmi1dM0XXXC/zJ7I741WlwKq7jj/mzT
 

+ i4nKcU50EtyCcRDXW6/cbCEOsqoQddGdE7cszA5Y4IPP0vq5BQxsJMAG3TFiwf+6
 

+ dM+xdC0HJkX8oHFf+0SzBUJsIE3hplGsWoXXidmQLsyIbE++aQnb7cDSZWPsx9Sj
 

+ pSVIRX94/QNMlRnHPnE5kYi3+WNvum8mpsMAqbtGJDBv/5vOfoBRna1cYz/+akYB
 

+ Lj4e3rsvbK0Ue4W2Q9Ar9ZnC9qH+SP/ztpy6y8vuyejbC8y3tDJTdGV2ZSBTY2hu
 

+ ZXBwIDxzdGV2ZS5zY2huZXBwQG11bmluLW1vbml0b3Jpbmcub3JnPokCPQQTAQIA
 

+ JwIbAwUJEswDAAIeAQIXgAUCUgOeewULCQgHAwUVCgkICwUWAgMBAAAKCRAKJMBZ
 

+ mLpBM33CD/9vVPsukhGol6b27mPw9tSpc71SwwWbeQ7y3PrwMB1D/TzQMJQX6Pek
 

+ 2Y5nfvR17yJeKAj/NUOi38rfAdQxBlbbfEEsHpgQU46t5Wzn2lFmqRBNd+Y46u8e
 

+ dxVDw/8WIxZJmNNNTAm7+ZZpAbP+RbVa0/+sjzhxU4x8JHlIW5u1ybXiI/bJsNRI
 

+ tWQSIQ784AFJkEZh40A+6a/Z5bO5+mghxYrrwpWDiaiCURvv1SbRjOAqPPKx4sjx
 

+ MnnLObEJG71hpsPADjma+3bgUF4TMHCW36KmRN5WrzOfdRfSPWzlKLJm1AhOWxx0
 

+ NVQ4tD1Tmrib1YFr9qcw0jlumud7OUftAKl7dg1suoY3IkrsFUejwWGBSsFmq6Wb
 

+ qXVe+2Sy4FsoNKP9m1Wnzobc9n0S7GM+ODxOGQlmdDeteqH3KRD1SoTTk3DIKZ/E
 

+ t0QH9sKsUIQHBGaQBOWx7eXdeZPfPQ605UOiCXokAE90hb4+hZw87osCRrEdyvZL
 

+ +z/86OZHyQ8GdIbXXA1iPDme7IPzGWbHs61YbiZkQuomOPwfVGxtQzm1nJuhbyjI
 

+ i/xNiqKzjjRDMECli6AwF+8tOvOKGe3FTd5zYf2aaui9X1cuCYUfCTD6jfkNAxRt
 

+ /P40CiZFbQXTgJ2hev9wzxEIF/3eYljqmEWQuZYPFUIXiRyzuxjs5rkCDQRPWdFG
 

+ ARAAqPhsQQyG3WtS+cAOovd71u9qB1yQvaL/XAQrULPkp/Y+swdr3aNyclRZjBJf
 

+ dOVrTpqqLUL6LUtsu7GgfZgB+KxzqUt1rI5jiJAx4mIh+Hbn2Uf+4txlmUobR2y6
 

+ 6Ggu3TA3zEXTpxzJSKHOnCZSnLjLP7E5OOOa2DOFo7pkxxj7d8WMpEaTy77tQ1Kh
 

+ FkollC7fhUgioIPc06gpfDXzbTwMCHBrqwS8nHWYomNjizMqc1gKIKfDfhdU1KVk
 

+ RbTVw93DCs+5vI2OTpohP+GEuOwOjCkNxgjEH6Lf/97UCbxrQphk52JhJSvuPF7X
 

+ IwkKftesbSeQmocrvcwTIpo1UReDzrh935f/MuOCC6IBmjMvNqZxyuJRFwFR8FiE
 

+ 3desh4SQUuA2DaB0LDx9Cnu/bvI1S+9m7SO07m7aL1IQ1CBr5L+23JThylM8IUWk
 

+ oLEYtAxDHnPzrSz9SS8vZMNz6r4jFwpKNWtNIKBNOeJZrhFT0G6CtAha941YjqWL
 

+ oQU0e23U/cVAbfk7T6DmC/v90YN+ULHzOPn2gwwQJ+giXFajk/mVzI5jnlIgbQ/P
 

+ mWi669qRToQPdaxK83PAAz2nO3JIck1lrO9vmBSXaXVmW5+BtHDDEDwOn+6Egt65
 

+ +x94IYsxtngvrhgU/QcVWmezAT1GkusYjH+tN1xezUmt5zkAEQEAAYkCJQQYAQIA
 

+ DwUCT1nRRgIbDAUJEswDAAAKCRAKJMBZmLpBM+84D/42jMbiFW177BMOp5FD3dbn
 

+ iUoR8Q96JqiSeUNtly/thkMtCImWPzoO/rCDTN3slokAacNPLmrWJUF1UBrd0H/s
 

+ DF69A0xbw9YhXgEAQBQb09h8fALAAH8/fdGcb4mKFwCCsnDcd1Zax6Ur1CExG+Lf
 

+ xnYGgV/zqm0wBGnMk8c17vdmSztCBP/PH+VvuJnK1gudcnmfrJ9Qq0nt7w2gw9Sk
 

+ omybCRoskmESjhKQ7SesGsQdNq0Qpquiz0hHGXgLswrlSFFF4If15dBWIcvjcMfN
 

+ P8F0k/774XU0ZJdMGfNYfe4e+dPxJ6u7OuY/9U1iB2nSaFCBtXN4ZucMa4K2kAoa
 

+ Xv91oPsboo3p4bQR7/hacAvb+6Pzmitw9jMCRyotyY7sHrk9sKuLnYMmIjS6YkYa
 

+ HpRKN2D17wpb7pq7gbNVSjCBUzcqmWaZOfJRTALscLilsXSgi/nDc79kidSvTPuW
 

+ PkAjhK8L9ekcLSwk8ke3pOAH5YHDFs2ecXqRQUTt4L42hcAWEz7EZxBueSRuF8Z5
 

+ TqSbrqPgaWenkYkjuG3H9WG6JMUpcVLDKawTgleTOEwN+zTyffxj9cafT72g2rDB
 

+ smZdlQ8THfwbjg4VTzHmsKsl/M76IxnenxxBSmWG5TiM2zaOQFrQBN88Ro2aB/1a
 

+ L7FW3jHudm/cMmq68DXxQA==
 

+ =WQyk
 

+ -----END PGP PUBLIC KEY BLOCK-----

file modified
+14 -3 
@@ -1,11 +1,16 @@ 
 

  Name:      munin
 

- Version:   2.0.65
 

- Release:   3%{?dist}
 

+ Version:   2.0.66
 

+ Release:   1%{?dist}
 

  Summary:   Network-wide resource monitoring tool
 

  License:   GPLv2
 

  URL:       http://munin-monitoring.org/
 

  

  Source0:   http://downloads.munin-monitoring.org/munin/stable/%{version}/%{name}-%{version}.tar.gz
 

+ Source1:   http://downloads.munin-monitoring.org/munin/stable/%{version}/%{name}-%{version}.tar.gz.asc
 

+ # fpr=910846ADEE4C5D67C19B3E6F0A24C05998BA4133
 

+ # gpg --recv-keys $fpr
 

+ # gpg -a --export-options export-minimal --export $fpr >gpgkey-$fpr.asc
 

+ Source2:   gpgkey-910846ADEE4C5D67C19B3E6F0A24C05998BA4133.asc
 

  

  # Master sources
 

  Source10:  munin.conf
 
@@ -45,7 +50,8 @@ 
 

  

  BuildArch: noarch
 

  

- BuildRequires: make
 

+ BuildRequires:  gnupg2
 

+ BuildRequires:  make
 

  BuildRequires:  perl-interpreter >= 5.8
 

  BuildRequires:  perl-generators
 

  BuildRequires:  perl(base)
 
@@ -214,6 +220,7 @@ 
 

  

  

  %prep
 

+ %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
 

  %setup -q
 

  

  sed -i -e '
 
@@ -605,6 +612,10 @@ 
 

  

  

  %changelog
 

+ * Fri Feb 05 2021 Todd Zullinger <tmz@pobox.com> - 2.0.66-1
 

+ - Upgrade to 2.0.66
 

+ - Verify upstream signature
 

+ 

  * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.65-3
 

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

file modified
+2 -1 
@@ -1,1 +1,2 @@ 
 

- SHA512 (munin-2.0.65.tar.gz) = 8a0dc93de878e1d502467f4e8589a0af2b809ec7282033534de2fd17b842bbf864d900136516a668a8e3f80e99215062620a503c5f664c799892f77950b4859a
 

+ SHA512 (munin-2.0.66.tar.gz) = 3bccb04a3e8d059a223e510a0551b98d6ca1993d5d5e9a67a8f36af1e77f8656513549bed532bdb4d1fd3a3b0ae7a3a4c8165a16ccbb219ab376e7bceb6d38c8
 

+ SHA512 (munin-2.0.66.tar.gz.asc) = b72b3508093b5d918d16f609156e099d8beb0127f671f92d8d775237aede41495c30be43a168f65a2056dec0902e44b4a29bedbca1c6fa53e700e63dec3fc04a

Hi,

I was helping with a munin setup today and there was some interest in installing the latest stable version. So I thought I'd update the Fedora spec file and help prevent something ugly like sudo make install from happening. :)

Since upstream provides GPG signatures for the release archives, I added support for checking the signatures in %prep using the handy %{gpgverify} macro.

I've run a scratch build for Fedora 34 here and also built for EL-8 in mock. I have not done any extensive testing of the 2.0.66 update, so I debated whether or not to file a PR including that change. The diff from 2.0.65 to 2.0.66 looks pretty minimal though (as you'd expect from the 66th point release).

If you'd prefer to avoid the update but would like to see the GPG signature checking, I'm happy to rebase the change directly on top of the current 2.0.65 package. That's the change I'm most interested in, as it will make future updates more secure and easier to verify for others.

Thanks!

Pull-Request has been merged by kimheino
3 years ago

Thanks. I've actually been running 2.0.66 locally for a while and it seems to work fine. I'll start new builds for fedora/epel.

Wonderful, thanks for merging this and for keeping munin tended to in Fedora/EPEL Kim.
Metadata
None
No Tags
Changes Summary 4
+1 -1
file changed
.gitignore
+77
file added
gpgkey-910846ADEE4C5D67C19B3E6F0A24C05998BA4133.asc
+14 -3
file changed
munin.spec
+2 -1
file changed
sources
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.