FS#58603 - [usbutils] Add signature verification of the source tarball

Attached to Project: Arch Linux
Opened by Leonid Isaev (lisaev) - Tuesday, 15 May 2018, 09:31 GMT
Last edited by Doug Newgard (Scimmia) - Tuesday, 15 May 2018, 15:19 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

The PKGBUILD of usbutils fetches source from http://www.kernel.org/pub/linux/utils/usb/usbutils/ , but doesn't make use of the signature available alongside the source tarball, for example, usbutils-009.tar.xz and usbutils-009.tar.sign. The key belongs to gregkh (647F28654894E3BD457199BE38DBBDC86092693E) and is the same as in the linux package, so we only need to add a few lines to the PKGBUILD, see attached diff against SVN trunk...

Thanks!
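An added example, not part of this task or its attached diff: a small audit that flags a PKGBUILD whose sources are fetched over plaintext or lack a detached signature and a pinned key. The function names `audit_pkgbuild` and `write_samples` are hypothetical, both PKGBUILD fragments are constructed (checksum arrays omitted), and the `https://` form of the kernel.org URL is an assumption.

```bash
# audit_pkgbuild FILE: print one finding per line; return 0 only if none.
# Sourcing a PKGBUILD executes it, so run this only on files you trust.
audit_pkgbuild() {
    bash -c '
        source "$1" || exit 2
        rc=0 have_sig=0
        for s in "${source[@]}"; do
            url=${s#*::}                      # drop an optional "name::" prefix
            case $url in
                http://*|ftp://*) echo "plaintext-source: $url"; rc=1 ;;
            esac
            case $url in
                *.sig|*.sign|*.asc) have_sig=1 ;;
            esac
        done
        [ "$have_sig" -eq 1 ] || { echo "no-signature-in-source"; rc=1; }
        # Each pinned key must be a full 40-hex fingerprint, not a short key ID.
        for k in "${validpgpkeys[@]}"; do
            [[ $k =~ ^[0-9A-F]{40}$ ]] || { echo "bad-fingerprint: $k"; rc=1; }
        done
        [ "${#validpgpkeys[@]}" -gt 0 ] || { echo "no-validpgpkeys"; rc=1; }
        exit "$rc"
    ' _ "$1"
}

# write_samples DIR: constructed PKGBUILD fragments, before and after the change.
write_samples() {
    cat > "$1/before" <<'EOF'
pkgname=usbutils
pkgver=009
source=("http://www.kernel.org/pub/linux/utils/usb/usbutils/$pkgname-$pkgver.tar.xz")
EOF
    cat > "$1/after" <<'EOF'
pkgname=usbutils
pkgver=009
source=("https://www.kernel.org/pub/linux/utils/usb/usbutils/$pkgname-$pkgver.tar.xz"
        "https://www.kernel.org/pub/linux/utils/usb/usbutils/$pkgname-$pkgver.tar.sign")
validpgpkeys=('647F28654894E3BD457199BE38DBBDC86092693E')  # gregkh, key from this task
EOF
}
```

Run `write_samples "$(mktemp -d)"` and pass either generated file to `audit_pkgbuild`; the "before" fragment yields three findings and the "after" fragment yields none.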
Closed by  Doug Newgard (Scimmia)
Tuesday, 15 May 2018, 15:19 GMT
Reason for closing:  Deferred
Additional comments about closing:  Covered by https://www.archlinux.org/todo/use-gpg-signatures-and-https-sources/