diff --git a/.gitignore b/.gitignore index 8a345b1..92bf94d 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /csdiff-*.tar.xz +/csdiff-*.tar.xz.asc diff --git a/csdiff-2.3.0.tar.xz.asc b/csdiff-2.3.0.tar.xz.asc deleted file mode 100644 index 7763219..0000000 --- a/csdiff-2.3.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmIwQ/gACgkQhz2zdXKj -ezb1exAAhXvIQf9SIEXPrUzV4aM9wMXxrziBo1nuM9saGooaRWwiwnclYxYy7MTs -BYM2HLnadmIae9jyKUI3IkwY8WqigcvIGDRY1yahI3i4j+tbiE8fwua/RREPqHyB -J3LDLGbZ1gCF7tAC/9X8GHRci6mJH2AyBOZWkkmyIxbFfSKkGnrNQButr4eqeIth -sBexEFIHKWdfxrTWLL0ZunLI+trXtugs/nUiA8RRgHI5fxU47hOvJTC+qh2UdIL0 -pMWwavCzaV9VjErvqlZVeUTejYbFyUJPkl0BWcKFX8chd0PBdbB+x/tHx1lVkW97 -P+TdGi0F24uF3DKaNk2p2EYfywZ3u3IAG3RiyJE+qYdukDiEEIIMH9SzvF+1V2/X -5sH9wEuMvRsqe6Io4wFoN0fYvg9H/4OmFrhlm0TuA8lWtbhMaCjmVF973Y3n47jj -YkbUPZTkYyBDnTCfLllPqZwK2Ulhb93RQJmZNrn4VxHnshO3V0EFidUiGKMDeHJ5 -ylKbx6WXlUwWQijcp5TAarePebCXe//hmE8R8ZOWBz2yw4fgY6p0njHx5/Twty5n -tivQ1RHwc4o0sVhYyHsMd6SNXcgR7lM9bb21gI/NAXXOLmnMeAi/KKfZxz0meOG3 -BjJEdO6Hfh5BQr/9yRvpCMVV5i60h1947rk97llhaz7yg0UX6oE= -=lYjo ------END PGP SIGNATURE----- diff --git a/csdiff.spec b/csdiff.spec index 889b2cd..0ce0b44 100644 --- a/csdiff.spec +++ b/csdiff.spec @@ -10,12 +10,16 @@ Name: csdiff Version: 2.3.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Non-interactive tools for processing code scan results in plain-text License: GPLv3+ URL: https://github.com/csutils/csdiff Source0: https://github.com/csutils/csdiff/releases/download/%{name}-%{version}/%{name}-%{version}.tar.xz +Source1: https://github.com/csutils/csdiff/releases/download/%{name}-%{version}/%{name}-%{version}.tar.xz.asc +# gpg --keyserver pgp.mit.edu --recv-key 992A96E075056E79CD8214F9873DB37572A37B36 +# gpg --output kdudka.pgp --armor --export kdudka@redhat.com +Source2: kdudka.pgp # the following upstream commit is needed to work with up2date csdiff/csgrep # https://github.com/kdudka/csmock/commit/48b09b3a @@ -24,6 +28,7 @@ Conflicts: csmock-plugin-shellcheck <= 2.5 BuildRequires: boost-devel BuildRequires: cmake BuildRequires: gcc-c++ +BuildRequires: gnupg2 BuildRequires: help2man BuildRequires: make @@ -65,6 +70,7 @@ code scan defect lists to find out added or fixed defects. %endif %prep +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %setup -q %build @@ -134,6 +140,9 @@ ctest %{?_smp_mflags} --output-on-failure %endif %changelog +* Tue Mar 15 2022 Miro HronĨok - 2.3.0-2 +- Verify GPG signature of upstream tarball when building the package + * Tue Mar 15 2022 Kamil Dudka 2.3.0-1 - update to latest upstream release diff --git a/kdudka.pgp b/kdudka.pgp new file mode 100644 index 0000000..ee89e90 --- /dev/null +++ b/kdudka.pgp @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFgjU54BEACwGTSIP9AVBahlfv/y4snLRvlU4UWWqn8bxjh/GFTVs+l8gqOD +3dT9AhbnMWfvr94nA6dXVVx8t8akn3ybVLKeii3vOSel8ayAnIXYjtowPh/TlheO +BSo4EcVo0IFLtiUhC0XHMngITkr6mGphzKOAjS5Kur1j09tawhWMtgeDWw9dZnvc +mH7f03mwvFv49YYqztaKcGvWlrLjj1O18Un5euGx18L+udG3RfeWMpzinwvcv2n7 +sH45FVqH6wu/okOJkXShsD883NRlz652knvzuUZNqcc+l/uNm8FVB8hH7qvKJu7P +v1HpNSYlLqRpAREepYxdb/KJEJ5X3EoczLHM1zugB6cRi9REQ5rt1dqS8VOn5Svw +v4OZZUjZf/LvAB3KOl5RI40pa8zAI/ymxTZ6qZzFOp7u8XEy3GzURrYBMKJIW03Z +E61RI+7SJKr4yeboWSfYJbV6RQJyu8X77H9L0F6O+LHoLSoHIRmkcniwEMwl5THV +tUl9Daxgey+qNq1twLLV6vx8f8eyuPCdeP6ZhhUhOH4sAyh0oGZMHxiNhAFeyRdo +JqTXfgqLX39jwH54eJ3Cbhndwu47glipMO1HQX1XS5Rt7LfEMCTLUGSFW1xljLOI +8d9fExEyTzJMVIsQJoaAvPEX4cfhcAUFQLijPkt29Wvv3WsAIVFEgoLMNwARAQAB +tB9LYW1pbCBEdWRrYSA8a2R1ZGthQHJlZGhhdC5jb20+iQJUBBMBCAA+AhsDBQsJ +CAcCBhUICQoLAgQWAgMBAh4BAheAFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAl+1 +eU8FCQ8W87EACgkQhz2zdXKjezaYpw//UwiegIs8Xe79CERudpz7AM0BbRE6VaAU +QP1dMsTzIUU3HqpRrRfuCLIcbbUb7lCzAmu0SShvrt1ZUY87RXZQDJFsbHneHIKb +wIxIr6bRtwv1+I9A6bIWYDPdjgost4v2O2GdvDegdC6aDFJa6p7uYF3YqR1GvlCN +RC0DPvoZLIaHO7q+9o9WN6pe1OBmHdkzfJue9FmJxUhXGhaFGNQ/E9ahZRWv7D4e +3fxH8B2lqgmLGAYsbMjgiOJFxcbIWMzltIj0hJ1x3ajUdY1B6rLf6QcgXnKJIXVR +Svp0s283PfhnCzoXvKFvBuUaXQfNsW3MnIJFJEWDuy1TzMdK44AmQp8iQTGVIajd +2Wdmxxd54dl3GjuHPXXJZ92DG5H52cC+4TZuM4yH9gvOxwtdIafOSkvtTHYh4POF +piqiM67UG2a8JkW7CKPGFqfrdkM+yOfU31ouHL68q3XIpkB4z1f2w6mscdW2d7AQ +3VLpb+WCeoWRy6HrRYAJZjs78Rea8N9dSzUOI2ac2OUR9Mqp6TMXed6V+6b1ogbI +4I0Ni8562kPFxnjiTUhrcXNroBvQUktkEXjuk5ZOG/fJaL0lN39Cq9ImznCEGuvn +mb+sZ//kH7N5w8tTc3mK4NvQw8LkDyS5LItx1H2Gzybxsl5d0OajJpUY4PZeppjH +rxXke/QpXHq5Ag0EWCNTngEQALkRI0PUaVE9j19uyjINlxb/3nwKHmbTChQzPJFn +adUwbmXfChmK/vyE8XBaIFIWSJ/94W9Y1/aGPlK4my7GqkiS4q6Lf32YWBNqihvH +mxKuIYv2+6Z8E34yRFwmbA20RpZCy7AGIg0/LACfM4Bw+DVUhTRMl2O/muKrxd/O +/WLn30RoYG+D4+mE0xJu+XsHivx2DqvdkKO+Rzo8131ByiWOk6P37McFtYiPjEjh +ztTBcnNjd+a3xB/XDHd1Lcs7GmBqw0X10KnxC8xSzSqGSRFYF1aJYdxhayxXGJz/ +p1Dd6mt2eT46rYUGhFWlFH7FXGsWapR8ELY42clcFgGmQ7Yps+dZ6Kx8HnEYKsIY +ONBqjS/dTKSrOMvkCSY0CwiCjKPM5uan5lQ9GMwbEZOQ5dcEVJOiVSfneeYpEjD/ +oyapPrDefdsCD5Gvt2kSbDZSDR5GeO8epZ02hu/zMQxDayqdLTxAaDByDVTvRCnc +BLDcpvzXVAUdjIkfzDqZlLRgZu/8oNjOpWypUEE0mQfus6fDOLrt1h/0SqcJar70 +mi0QzBlOLrksJerXygDYJus80trCJPbr5DkCy2nQdfaeUissbt4kJTBirhhMtuyZ +bBOQ42qm5pGef74hye1dCUddlBcb/BmIecsQ5a7EegKBDoU6ZsLcs5xnPgNwJa5U +5VstABEBAAGJAjwEGAEIACYCGwwWIQSZKpbgdQVuec2CFPmHPbN1cqN7NgUCX7V5 +agUJDxbzzAAKCRCHPbN1cqN7NiVdEACGZX+sMSfpW47ARmsg9EsWh983SafWEi4V +Gp3bRgOM3X4hwp8iFS/jpD8iNQpiRztSAx6s0l2pirAKFiKaaHrarVrYM4lrSoau +J1LeWeAy9jHRstk21Iu/myM8gfBdl9tOlrdv5NhD98tCdE/2hTtOLlZbYboNl+ug +0g/3yM4KPgqXLvVpS3QBoiueTfFoSawb20lZCcDon43BGg+wS/2j7Vu9Q1Dj3fEz ++QV4S7JvMFP6MYV2ITvj3xajXpRkuNG8s76o/u8m2PYQ77sAl+mN446Lp+bwdQeE +s7j79i/2kk+djVDtgTGyRyDD/4drXOMtVKRpxDDp1YOl896cRP4PJWNK8oLlF8IY +ItdhN/UijK6hZoXLyQDK/DQfmTjpGEQTzFCNW8CdwvTSjK7o6lJZtrv4R4rBJ3Sd +kcr9rQO/uGlYblzX70iXQMKpiCb1xo3MBCUFfiq05sTNVzRNVleo9nVf0WhCgnl7 +M9Tojh31sra9IzDAy9exga8dD/tvnebYjXYmGXfQyrPAnSSTLSjAQmlNzgx8FM96 +WB+XJDJFALy/MV35XKi9c5SLE3hSPEhqrwnTQ5g3jOPrexhUZR6w0qDXVoQH/3p0 +vXqQ3yx3yrREeBOW6qhHeYk3w2z7EAg4nNovAHgd68zXE9ZfCAGfWIerZsOuhdHS +lwvfpMesuQ== +=XhUt +-----END PGP PUBLIC KEY BLOCK----- diff --git a/sources b/sources index bf7a9ca..a6c0d26 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (csdiff-2.3.0.tar.xz) = 6b152c11c42fae12ad52b83856a988c54d975f596edad6cfcd94b48ed9513eb3f8acc56738afc485949cd511d1147c57f9e16010551558791bb0f41c50305c1b +SHA512 (csdiff-2.3.0.tar.xz.asc) = b6c4c2f20b22b71617c479739a6bae81e1074f7f4ea3192514b1ba14aa4202e0672e2b79a58c856f3696b809d5819232f51c54f54bebf5f4651b5581ee428ddd