[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Implementing a macro for use before %setup.

Hello all,

I just finished up my scripts and I'd like to post them here and get some feedback.  

rpm-md5-check.sh - If you have source.tar.gz, and source.tar.gz.md5 this script compares the md5sums.

rpm-gpg-check.sh - If you have source.tar.gz, and source.tar.gz.sig or source.tar.gz.asc this script verifies the gpg/pgp signatures.
Script will also automagically download the keyfile from your keyserver if you don't already have it.  Script also takes the keyid as an
arguement.  Also has colorful messages compared to the md5 script, I care more about gpg verification than md5 for obvious reasons.

If the scripts fail, they exit 2 so you can check your files.

These scripts should also be available on the website soon. (we're in the middle of moving to a new server.. fun)

usage is pretty easy.  here is the example from my openssh.spec:

[ -x /usr/lib/rpm/rpm-md5-check.sh ] && SOURCE=%{name}-%{version}.tar.gz /usr/lib/rpm/rpm-md5-check.sh
[ -x /usr/lib/rpm/rpm-gpg-check.sh ] && SOURCE=%{name}-%{version}.tar.gz /usr/lib/rpm/rpm-gpg-check.sh 86FF9C48
%setup -q

here is some sample output:


+ SOURCE=wget-1.8.2.tar.gz
+ /usr/lib/rpm/rpm-md5-check.sh
Source md5 verification file found.
/usr/space/distro/organized_sources/wget ~/rpm_build/BUILD
wget-1.8.2.tar.gz: OK
Verfication complete.
md5sum's are the same.
+ cd /home/miah/rpm_build/BUILD
+ rm -rf wget-1.8.2


+ SOURCE=openssh-3.5p1.tar.gz
+ /usr/lib/rpm/rpm-md5-check.sh
Source md5 verification file not found.
+ '[' -x /usr/lib/rpm/rpm-gpg-check.sh ']'
+ SOURCE=openssh-3.5p1.tar.gz
+ /usr/lib/rpm/rpm-gpg-check.sh 86FF9C48
Source gpg verification file found. [.sig]
gpg: Signature made Fri Oct  4 06:34:43 2002 GMT-5 using DSA key ID 86FF9C48
gpg: Good signature from "Damien Miller (Personal Key) <djm@mindrot.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3981 992A 1523 ABA0 79DB  FC66 CE8E CB03 86FF 9C48
SUCCESS: Source verification completed.
+ cd /home/miah/rpm_build/BUILD
+ rm -rf openssh-3.5p1

I'm open for all questions/comments/patches.


On Mon, Feb 10, 2003 at 06:16:54PM -0800, miah wrote:
> Hello all,
> I would like to implement a script for checking the source archives for things like md5sum, and pgp/gpg file signatures.  I'd like to run this before %setup.  I don't want to write the script and then have to include that in every rpm though, is there a way I can setup/use a macro to do this? What gets run before %setup, but after %prep, is there anything I could redifine to do this?  I realize I could just run the script from each rpm, but I want this to happen by default for every rpm built systemwide.
> Any idea's / responses would be appreciated.
> Thanks
> -miah 
> _______________________________________________
> Rpm-list mailing list
> Rpm-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/rpm-list

Attachment: rpm-gpg-check.sh
Description: Bourne shell script

Attachment: rpm-md5-check.sh
Description: Bourne shell script

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []