microsoft · PawelWMS · Jan 21, 2022 · Jan 21, 2022 · Jan 21, 2022
@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "hivex-1.3.18.tar.gz": "8a1e788fd9ea9b6e8a99705ebd0ff8a65b1bdee28e319c89c4a965430d0a7445",
-  "hivex-1.3.18.tar.gz.sig": "a571bdac71f53fd95598fe3857b7c3d319d69360d5499c2c41a82bf60a43fad8",
-  "libguestfs.keyring": "de74373a15bd572ad74f276ee063d2cefa915470863829c0dda6af488d6315d8"
+  "hivex-1.3.18.tar.gz": "8a1e788fd9ea9b6e8a99705ebd0ff8a65b1bdee28e319c89c4a965430d0a7445"
  }
 }
@@ -7,26 +7,15 @@ Distribution:   Mariner
 %bcond_with ocaml
 %endif
 
-# Verify tarball signature with GPGv2.
-%global verify_tarball_signature 1
-
 Name:           hivex
 Version:        1.3.18
-Release:        22%{?dist}
+Release:        23%{?dist}
 Summary:        Read and write Windows Registry binary hive files
 
-License:        LGPLv2
+License:        LGPLv2+
 URL:            http://libguestfs.org/
 
 Source0:        http://libguestfs.org/download/hivex/%{name}-%{version}.tar.gz
-%if 0%{verify_tarball_signature}
-Source1:        http://libguestfs.org/download/hivex/%{name}-%{version}.tar.gz.sig
-%endif
-
-# Keyring used to verify tarball signature.
-%if 0%{verify_tarball_signature}
-Source2:       libguestfs.keyring
-%endif
 
 # Patches - all upstream since 1.3.18.
 Patch0001:      0001-Win-Hivex-Regedit-Accept-CRLF-line-endings.patch
@@ -65,9 +54,6 @@ BuildRequires:  rubygem(minitest)
 BuildRequires:  rubygem(rdoc)
 BuildRequires:  readline-devel
 BuildRequires:  libxml2-devel
-%if 0%{verify_tarball_signature}
-BuildRequires: gnupg2
-%endif
 
 # https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Packages_granted_exceptions
 Provides:      bundled(gnulib)
@@ -180,9 +166,6 @@ ruby-%{name} contains Ruby bindings for %{name}.
 
 
 %prep
-%if 0%{verify_tarball_signature}
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%endif
 %setup -q
 %autopatch -p1
 
@@ -226,7 +209,8 @@ if ! make check -k; then
 fi
 
 %files -f %{name}.lang
-%doc README LICENSE
+%license LICENSE
+%doc README
 %{_bindir}/hivexget
 %{_bindir}/hivexml
 %{_bindir}/hivexsh
@@ -237,15 +221,13 @@ fi
 
 
 %files devel
-%doc LICENSE
 %{_libdir}/libhivex.so
 %{_mandir}/man3/hivex.3*
 %{_includedir}/hivex.h
 %{_libdir}/pkgconfig/hivex.pc
 
 
 %files static
-%doc LICENSE
 %{_libdir}/libhivex.a
 
 
@@ -289,6 +271,10 @@ fi
 
 
 %changelog
+* Fri Jan 21 2022 Pawel Winogrodzki <[email protected]> - 1.3.18-23
+- Removing in-spec verification of source tarballs.
+- License verified.
+
 * Thu Oct 14 2021 Pawel Winogrodzki <[email protected]> - 1.3.18-22
 - Switching to using full number for the 'Release' tag.
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).

@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "libguestfs.keyring": "de74373a15bd572ad74f276ee063d2cefa915470863829c0dda6af488d6315d8",
-  "libnbd-1.3.6.tar.gz": "0f3cc65bc69d2e7637ed424b6546bd0af32be2bd58c9e6bdf494074cbb07ac05",
-  "libnbd-1.3.6.tar.gz.sig": "c6308755badfa0f750c816330e4a83ac8e6219aab631a35fe0efdb19dc68bb0a"
+  "libnbd-1.3.6.tar.gz": "0f3cc65bc69d2e7637ed424b6546bd0af32be2bd58c9e6bdf494074cbb07ac05"
  }
 }
@@ -1,6 +1,3 @@
-# If we should verify tarball signature with GPGv2.
-%global verify_tarball_signature 1
-
 # If there are patches which touch autotools files, set this to 1.
 %global patches_touch_autotools %{nil}
 
@@ -9,7 +6,7 @@
 
 Name:           libnbd
 Version:        1.3.6
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        NBD client library in userspace
 
 License:        LGPLv2+
@@ -18,20 +15,11 @@ Distribution:   Mariner
 URL:            https://github.com/libguestfs/libnbd
 
 Source0:        http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz
-Source1:        http://libguestfs.org/download/libnbd/%{source_directory}/%{name}-%{version}.tar.gz.sig
-# Keyring used to verify tarball signature.  This contains the single
-# key from here:
-# https://pgp.key-server.io/pks/lookup?search=rjones%40redhat.com&fingerprint=on&op=vindex
-Source2:       libguestfs.keyring
 
 %if 0%{patches_touch_autotools}
 BuildRequires: autoconf, automake, libtool
 %endif
 
-%if 0%{verify_tarball_signature}
-BuildRequires:  gnupg2
-%endif
-
 # For the core library.
 BuildRequires:  gcc
 BuildRequires:  /usr/bin/pod2man
@@ -91,7 +79,7 @@ The key features are:
 
 %package devel
 Summary:        Development headers for %{name}
-License:        LGPLv2+ and BSD
+License:        BSD and LGPLv2+
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 
 
@@ -110,6 +98,7 @@ This package contains OCaml language bindings for %{name}.
 
 %package -n ocaml-%{name}-devel
 Summary:        OCaml language development package for %{name}
+License:        BSD and LGPLv2+
 Requires:       ocaml-%{name}%{?_isa} = %{version}-%{release}
 
 
@@ -135,7 +124,7 @@ python3-%{name} contains Python 3 bindings for %{name}.
 
 %package -n nbdfuse
 Summary:        FUSE support for %{name}
-License:        LGPLv2+ and BSD
+License:        BSD and LGPLv2+
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 
 
@@ -158,9 +147,6 @@ for %{name}.
 
 
 %prep
-%if 0%{verify_tarball_signature}
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%endif
 %autosetup -p1
 %if 0%{patches_touch_autotools}
 autoreconf -i
@@ -270,6 +256,10 @@ make %{?_smp_mflags} check || {
 
 
 %changelog
+* Fri Jan 21 2022 Pawel Winogrodzki <[email protected]> - 1.3.6-3
+- Removing in-spec verification of source tarballs.
+- License verified.
+
 * Fri Oct 15 2021 Pawel Winogrodzki <[email protected]> - 1.3.6-2
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 

@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "libguestfs.keyring": "de74373a15bd572ad74f276ee063d2cefa915470863829c0dda6af488d6315d8",
-  "nbdkit-1.20.7.tar.gz": "999242d56787f69b79eddcd64e5cb2c3071d4bd8ed98dc7da711a09fca8095ec",
-  "nbdkit-1.20.7.tar.gz.sig": "ce2abbbdedd2187d53d327fe3479a513832886730c435932ff37c9b1df584226"
+  "nbdkit-1.20.7.tar.gz": "999242d56787f69b79eddcd64e5cb2c3071d4bd8ed98dc7da711a09fca8095ec"
  }
 }
@@ -29,9 +29,6 @@ Distribution:   Mariner
 ExclusiveArch:  x86_64
 %endif
 
-# If we should verify tarball signature with GPGv2.
-%global verify_tarball_signature 1
-
 # If there are patches which touch autotools files, set this to 1.
 %global patches_touch_autotools %{nil}
 
@@ -40,18 +37,13 @@ ExclusiveArch:  x86_64
 
 Name:           nbdkit
 Version:        1.20.7
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        NBD server
 
 License:        BSD
 URL:            https://github.com/libguestfs/nbdkit
 
 Source0:        http://libguestfs.org/download/nbdkit/%{source_directory}/%{name}-%{version}.tar.gz
-%if 0%{verify_tarball_signature}
-Source1:        http://libguestfs.org/download/nbdkit/%{source_directory}/%{name}-%{version}.tar.gz.sig
-# Keyring used to verify tarball signature.
-Source2:       libguestfs.keyring
-%endif
 
 %if 0%{patches_touch_autotools}
 BuildRequires: autoconf, automake, libtool
@@ -86,9 +78,6 @@ BuildRequires:  ocaml >= 4.02.2
 BuildRequires:  ruby-devel
 BuildRequires:  tcl-devel
 BuildRequires:  lua-devel
-%if 0%{verify_tarball_signature}
-BuildRequires:  gnupg2
-%endif
 
 # Only for running the test suite:
 BuildRequires:  /usr/bin/certtool
@@ -590,9 +579,6 @@ for %{name}.
 
 
 %prep
-%if 0%{verify_tarball_signature}
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%endif
 %autosetup -p1
 %if 0%{patches_touch_autotools}
 autoreconf -i
@@ -974,6 +960,10 @@ make %{?_smp_mflags} check || {
 
 
 %changelog
+* Fri Jan 21 2022 Pawel Winogrodzki <[email protected]> - 1.20.7-3
+- Removing in-spec verification of source tarballs.
+- License verified.
+
 * Fri Apr 30 2021 Pawel Winogrodzki <[email protected]> - 1.20.7-2
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 - Making binaries paths compatible with CBL-Mariner's paths.

@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "libguestfs.keyring": "de74373a15bd572ad74f276ee063d2cefa915470863829c0dda6af488d6315d8",
-  "virt-p2v-1.42.0.tar.gz": "b1164bde6658646f11e8ff0da36fe5acbedde3445cc8424110c08fc144564e20",
-  "virt-p2v-1.42.0.tar.gz.sig": "3276dc9f458cdfea747d80175ef01a25416f066da074e006c59cdbcfe07f50da"
+  "virt-p2v-1.42.0.tar.gz": "b1164bde6658646f11e8ff0da36fe5acbedde3445cc8424110c08fc144564e20"
  }
 }