[libHX/f19: 3/3] Update to latest release

Till Maas till at fedoraproject.org
Sun Nov 9 15:49:58 UTC 2014 

commit c080d36dbdb706749bea230239c3a6e3690ad489
Author: Till Maas <opensource at till.name>
Date:   Sun Nov 9 16:47:40 2014 +0100

    Update to latest release
    
    - Add source code verification
    - Harden build

 .gitignore                                         |    2 ++
 ...ey-B56B8B9D9915AA8796EDC013DFFF2CDB19FC338D.gpg |  Bin 0 -> 5659 bytes
 libHX.spec                                         |   17 ++++++++++++++---
 sources                                            |    4 ++--
 4 files changed, 18 insertions(+), 5 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index dbf18a7..3c34834 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@
 /libHX-3.16.tar.xz.asc
 /libHX-3.18.tar.xz
 /libHX-3.18.tar.xz.asc
+/libHX-3.22.tar.asc
+/libHX-3.22.tar.xz
diff --git a/gpgkey-B56B8B9D9915AA8796EDC013DFFF2CDB19FC338D.gpg b/gpgkey-B56B8B9D9915AA8796EDC013DFFF2CDB19FC338D.gpg
new file mode 100644
index 0000000..6e2171c
Binary files /dev/null and b/gpgkey-B56B8B9D9915AA8796EDC013DFFF2CDB19FC338D.gpg differ
diff --git a/libHX.spec b/libHX.spec
index e69e863..bef36e4 100644
--- a/libHX.spec
+++ b/libHX.spec
@@ -1,16 +1,21 @@
+%global _hardened_build 1
+
 Name:           libHX
-Version:        3.18
-Release:        3%{?dist}
+Version:        3.22
+Release:        1%{?dist}
 Summary:        Useful collection of routines for C and C++ programming
 
 Group:          System Environment/Libraries
 License:        LGPLv2 or LGPLv3
 URL:            http://sourceforge.net/projects/libhx/
 Source0:        http://downloads.sourceforge.net/libhx/libHX-%{version}.tar.xz
-Source1:        http://downloads.sourceforge.net/libhx/libHX-%{version}.tar.xz.asc
+Source1:        http://downloads.sourceforge.net/libhx/libHX-%{version}.tar.asc
+Source2:        gpgkey-B56B8B9D9915AA8796EDC013DFFF2CDB19FC338D.gpg
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:  perl gcc-c++
+# For source verification with gpgv
+BuildRequires:  gpg xz
 
 
 %description
@@ -38,6 +43,7 @@ developing applications that use %{name}.
 
 
 %prep
+xzcat %{SOURCE0} | gpgv --quiet --keyring %{SOURCE2} %{SOURCE1} -
 %setup -q
 
 
@@ -96,6 +102,11 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Sun Nov 09 2014 Till Maas <opensource at till.name> - 3.22-1
+- Update to latest release
+- Add source code verification
+- Harden build
+
 * Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.18-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
 
diff --git a/sources b/sources
index 31166af..0976e89 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-2f7b509add64cbb31acea419017dca4f  libHX-3.18.tar.xz
-e41d56b70537656e0077aafb703bcbb0  libHX-3.18.tar.xz.asc
+19bf74b357d08514db97917a16f10e75  libHX-3.22.tar.asc
+b2cb9e7930bc2826ac0a00a88cf40a8d  libHX-3.22.tar.xz

More information about the scm-commits mailing list