FS#58603 - [usbutils] Add signature verification of the source tarball
Attached to Project:
Arch Linux
Opened by Leonid Isaev (lisaev) - Tuesday, 15 May 2018, 09:31 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 15 May 2018, 15:19 GMT
Opened by Leonid Isaev (lisaev) - Tuesday, 15 May 2018, 09:31 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 15 May 2018, 15:19 GMT
|
Details
The PKGBUILD of usbutils fetches source from
http://www.kernel.org/pub/linux/utils/usb/usbutils/
, but doesn't make use of the signature available alongside
the source tarball, for example, usbutils-009.tar.xz and
usbutils-009.tar.sign. The key belongs to gregkh
(647F28654894E3BD457199BE38DBBDC86092693E) and is the same
as in the linux package, so we only need to add a few lines
to the PKGBUILD, see attached diff against SVN trunk...
Thanks! |
This task depends upon
Closed by Doug Newgard (Scimmia)
Tuesday, 15 May 2018, 15:19 GMT
Reason for closing: Deferred
Additional comments about closing: Covered by https://www.archlinux.org/todo/use-gpg-s ignatures-and-https-sources/
Tuesday, 15 May 2018, 15:19 GMT
Reason for closing: Deferred
Additional comments about closing: Covered by https://www.archlinux.org/todo/use-gpg-s ignatures-and-https-sources/
PKGBUILD.diff