405f279
@@ -1,2 +1,3 @@
libss7-1.0.2.tar.gz
/libss7-2.0.0.tar.gz
+ /libss7-2.0.0.tar.gz.asc
@@ -1,16 +1,32 @@
Name: libss7
Version: 2.0.0
- Release: 3%{?dist}
+ Release: 4%{?dist}
Summary: SS7 protocol services to applications
License: GPLv2
- URL: http://www.asterisk.org/
- Source0: http://downloads.digium.com/pub/telephony/libss7/releases/libss7-%{version}.tar.gz
-
+ URL: https://www.asterisk.org/
+ %global src_base https://downloads.asterisk.org/pub/telephony/%{name}/releases
+ Source0: %{src_base}/%{name}-%{version}.tar.gz
+ Source1: %{src_base}/%{name}-%{version}.tar.gz.asc
+ # Keyring with developer signatures created on 2020-12-04 with:
+ #
+ # gpg --with-fingerprint libss7-2.0.0.tar.gz.asc 2>&1 |
+ # awk '$2 == "using" { print "0x" $NF }' |
+ # xargs gpg2 --no-default-keyring --keyring ./libss7-tmp.gpg \
+ # --keyserver=hkp://pool.sks-keyservers.net --recv-keys
+ # gpg2 --export --export-options export-minimal --keyring ./libss7-tmp.gpg \
+ # > libss7.gpg
+ # rm -f ./libss7-tmp.gpg
+ # Inspect keys using: gpg --list-keys --keyring ./libss7.gpg
+ Source2: %{name}.gpg
+
+ BuildRequires: gnupg2
BuildRequires: gcc
%description
libss7 is a userspace library that is used for providing SS7 protocol
services to applications. It has a working MTP2, MTP3, and ISUP for
@@ -27,6 +43,7 @@
developing applications that use %{name}.
%prep
+ %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup0 -q
%build
@@ -50,6 +67,10 @@
%{_libdir}/*.so
%changelog
+ * Fri Dec 4 2020 Benjamin A. Beasley <code@musicinmybrain.net> - 2.0.0-4
+ - Add source file verification
+ - Convert URLs from HTTP to HTTPS
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
@@ -1,1 +1,2 @@
SHA512 (libss7-2.0.0.tar.gz) = 4caa14070000d55c55addf63d60cb2c6113d177f98f8168a1ff2b42c0941bbc5f892cf170fbf73de5069de5185b4bd64e50645385b3c39e00bc16bded7782858
+ SHA512 (libss7-2.0.0.tar.gz.asc) = ac72c34df1e10539a5fb8744c6e006cad2e8981c3efe45be1f36cbcb6c2bbd87a32a651d364cde5c48cbde0a341f29ce67c472f4215b00b17fcb05a57fcd50d1
Comply with https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification.
The asterisk package already does this, and I just implemented it for libpri.
See also https://src.fedoraproject.org/rpms/dahdi-tools/pull-request/1.
Closed in favvor of https://src.fedoraproject.org/rpms/libss7/pull-request/2.
Pull-Request has been closed by music
Comply with https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification.
The asterisk package already does this, and I just implemented it for libpri.
See also https://src.fedoraproject.org/rpms/dahdi-tools/pull-request/1.