Jonathan Wright via devel wrote:
> My latest commit to rawhide adds signature verification and updates the
> source URL to https.
>
> https://src.fedoraproject.org/rpms/mdadm/c/c8d54b071aea9605ab75f3c5ff67d44d306e7fb2?branch=rawhide
A comment in the spec file says:
# keyring should be
Yep, URLs for both will be in the next commit.
Thanks
On Wed, May 8, 2024 at 4:28 PM Carlos Rodriguez-Fernandez <
carlosrodrifernan...@gmail.com> wrote:
> If a maintainer changes the version, they would need to find the URL and
> download the sign file again and do the switcharoo. The key, on
If a maintainer changes the version, they would need to find the URL and
download the sign file again and do the switcharoo. The key, on the
other hand, won't likely change, and if there is a change, it is good to
detect it. Are you sure you don't want to make the signature also a url
source
Thanks for the feedback and examples.
My latest commit to rawhide adds signature verification and updates the
source URL to https.
https://src.fedoraproject.org/rpms/mdadm/c/c8d54b071aea9605ab75f3c5ff67d44d306e7fb2?branch=rawhide
Updated build is building in the side tag:
I have this in the %prep in libcap, which is a similar situation:
gzip -cd %{SOURCE0} | %{gpgverify} --keyring='%{SOURCE2}' --signature='
%{SOURCE1}' --data=-
On Wed, May 8, 2024 at 1:45 PM Jonathan Wright via devel <
devel@lists.fedoraproject.org> wrote:
> I was having trouble finding the
Am 08.05.24 um 22:44 schrieb Jonathan Wright via devel:
I was having trouble finding the public key(s). I'll look more into
this now.
They sign the tar archive before it is compressed, so I'll have to stray
from the standard way of verifying the sigs in the docs a little.
Here is an
I was having trouble finding the public key(s). I'll look more into this
now.
They sign the tar archive before it is compressed, so I'll have to stray
from the standard way of verifying the sigs in the docs a little.
Thanks for the info.
On Wed, May 8, 2024 at 3:16 PM Carlos
Would you want to validate the tar download with the signature provided
by upstream? It has ".sign" files [1]. The public keys should be in here [2]
[1] https://mirrors.edge.kernel.org/pub/linux/utils/raid/mdadm/
[2] https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git/plain/keys
On 5/8/24
Hi,
I'm preparing to update mdadm from 4.2 to 4.3 in rawhide. There are no
breaking changes and it's a relatively minor update except that this is my
first major update to it since taking over the mdadm package from the
previous maintainer after it was orphaned.
The majority of the changes in