#
# spec file for package uyuni-build-keys
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

%global gpgdirroot %{_datarootdir}/susemanager/gpg

%global susemanager_build_keys_version 15.4.9

%if 0%{?rhel}
%global apache_name httpd
%else
%global apache_name apache2
%endif

Name:           uyuni-build-keys
BuildRequires:  gpg
Requires:       gpg
Requires:       (awk or gawk)
Requires:       %{apache_name}
Provides:       susemanager-build-keys = %{susemanager_build_keys_version}
AutoReqProv:    off
Summary:        The public gpg keys for rpm package signature verification
License:        GPL-2.0-or-later
Group:          System/Packages
URL:            https://www.uyuni-project.org/
Version:        2023.04.1
Release:        220400.3.1.uyuni2

# pub  2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
# SLE12: The main package signing key.
Source2:        gpg-pubkey-39db7c82-5f68629b.asc
# pub  2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
# SLE12 Fallback key if main key gets lost.
Source3:        gpg-pubkey-50a3dd1c-50f35137.asc

# pub  1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
# SLE11 build@suse.de key, 1024 bit
Source4:        gpg-pubkey-307e3d54-5aaa90a5.asc

# pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
# SLE10 build@suse.de key, 1024 bit
Source5:        gpg-pubkey-9c800aca-5aaa90c5.asc

# pub   1024D/0182B964 2008-11-05 Extended Support Package Signing Key (Extended Support Package Signing Key) <extended-build@novell.com>
# EPAM RES build key
Source6:        gpg-pubkey-0182b964-4911a584.asc

# pub   2048R/3DBDC284 2008-11-07 openSUSE Project Signing Key <opensuse@opensuse.org>
Source7:        gpg-pubkey-3dbdc284-53674dd4.asc

# pub   2048R/0D20833E 2018-06-18 systemsmanagement:Uyuni:Master OBS Project <systemsmanagement:Uyuni:Master@build.opensuse.org>
Source8:        gpg-pubkey-0d20833e.asc

# pub rsa4096/C105B9DE 2011-07-03 CentOS-6 Key (CentOS 6 Official Signing Key) <centos-6-key@centos.org>
# CentOS-6 Key
Source9:        RPM-GPG-KEY-CentOS-6

# pub rsa4096/F4A80EB5 2014-06-23 CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>
# CentOS-7 Key
Source10:       RPM-GPG-KEY-CentOS-7

# pub   rsa4096/3B4FE6ACC0B21F32 2012-05-11 Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
# Ubuntu archive key 2012
Source11:       ubuntu-archive-2012-3B4FE6ACC0B21F32.asc

# pub   rsa4096/871920D1991BC93C 2018-09-17 Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
# Ubuntu archive key 2018
Source12:       ubuntu-archive-2018-871920D1991BC93C.asc

# pub   rsa2048/72F97B74EC551F03 2010-07-01 Oracle OSS group (Open Source Software group) <build@oss.oracle.com>
# OL6 and OL7
Source13:       RPM-GPG-KEY-oracle-ol-6-7

# pub   rsa4096/82562EA9AD986DA3 2019-04-09 Oracle OSS group (Open Source Software group) <build@oss.oracle.com>
# OL8
Source14:       RPM-GPG-KEY-oracle-ol8

# pub   rsa4096/044ADAEE04881839 2019-01-04 Micro Focus Build Service (Contact security@novell.com) <OESBuild@novell.com>
# Micro Focus
Source15:       oes-gpg-pubkey-044ADAEE04881839.asc

# pub   rsa2048/57DA9A6804A29DB0 2015-07-08 Novell Bangalore BuildService (Contact security@novell.com) <novell-bangalore-build@novell.com>
# old Novell Key
Source16:       oes-gpg-pubkey-57DA9A6804A29DB0.asc

# pub   rsa4096/05B555B38483C65D 2019-05-03 CentOS (CentOS Official Signing Key) <security@centos.org>
# CentOS8
Source17:       RPM-GPG-KEY-CentOS-Official

# pub   rsa2048/65176565 2015-05-29 openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org>
# PackageHub
Source18:       packagehub-gpg-pubkey-65176565.asc

# pub   rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09]
# Key fingerprint = 0EE9 CA43 0050 9E29 17A0  54ED 8EFE 1BC4 D4AD E9C3
# uid                             SUSE Linux Container Signing Key <build-container@suse.de>
# The SUSE Container GPG Key.
Source19:       build-container-d4ade9c3-5a2e9669.asc

# pub   rsa4096/E0B11894F66AEC98 2017-05-22 [SC] [expires: 2025-05-20]
# Key fingerprint = E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
# uid                 [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
# sub   rsa4096/04EE7237B7D453EC 2017-05-22 [S] [expires: 2025-05-20]
Source20:       debian-archive-key-9-04EE7237B7D453EC.asc

# pub   rsa4096/EDA0D2388AE22BA9 2017-05-22 [SC] [expires: 2025-05-20]
# Key fingerprint = 6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
# uid                 [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
# sub   rsa4096/AA8E81B4331F7F50 2017-05-22 [S] [expires: 2025-05-20]
Source21:       debian-archive-key-9-security-AA8E81B4331F7F50.asc

# pub   rsa4096/EF0F382A1A7B6500 2017-05-20 [SC] [expires: 2025-05-18]
# Key fingerprint = 067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500
# uid                 [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>
Source22:       debian-release-9-EF0F382A1A7B6500.asc

# pub   rsa4096/DC30D7C23CBBABEE 2019-04-14 [SC] [expires: 2027-04-12]
# Key fingerprint = 80D1 5823 B7FD 1561 F9F7  BCDD DC30 D7C2 3CBB ABEE
# uid                 [ unknown] Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
# sub   rsa4096/648ACFD622F3D138 2019-04-14 [S] [expires: 2027-04-12]
Source23:       debian-archive-key-10-648ACFD622F3D138.asc

# pub   rsa4096/4DFAB270CAA96DFA 2019-04-14 [SC] [expires: 2027-04-12]
# Key fingerprint = 5E61 B217 265D A980 7A23  C5FF 4DFA B270 CAA9 6DFA
# uid                 [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
# sub   rsa4096/112695A0E562B32A 2019-04-14 [S] [expires: 2027-04-12]
Source24:       debian-archive-key-10-security-112695A0E562B32A.asc

# pub   rsa4096/DCC9EFBF77E11517 2019-02-05 [SC] [expires: 2027-02-03]
# Key fingerprint = 6D33 866E DD8F FA41 C014  3AED DCC9 EFBF 77E1 1517
# uid                 [ unknown] Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>
Source25:       debian-release-10-DCC9EFBF77E11517.asc

# pub   rsa4096/7638D0442B90D010 2014-11-21 [SC] [expires: 2022-11-19]
# Key fingerprint = 126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
# uid                 [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
Source26:       debian-archive-key-8-7638D0442B90D010.asc

# pub   rsa4096/EFD752E7E232ED8712E7635CEB801C41873141A8 2016-12-13 alicloud7release <alicloud-linux-os@service.aliyun.com>
# Alibaba Cloud Linux 2 (Aliyun Linux)
Source27:       RPM-GPG-KEY-ALIYUN

# pub   rsa4096/11CF1F95C87F5B1A 2017-06-07 [SC]
#      99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A
# uid                 [ unknown] Amazon Linux <amazon-linux@amazon.com>
Source28:       RPM-GPG-KEY-amazon-linux-2

# pub   rsa4096/0x3ABB34F8 2021-01-12 [C] [expires: 2024-01-12]
#       5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8
# uid                     AlmaLinux <packager@almalinux.org>
# sub   rsa3072/0xC21AD6EA 2021-01-12 [S] [expires: 2024-01-12]
Source29:       RPM-GPG-KEY-AlmaLinux

# pub   rsa2048 2020-12-02 [SC] [expires: 2023-02-10]
#       44CA8C74F08D9C47618782DF3C90731ED78C6B69
# uid           SUSE:SLE-15-SP3:Update OBS Project <SUSE:SLE-15-SP3:Update@build.opensuse.org>
Source30:       gpg-pubkey-d78c6b69-5fc7b9e7.asc

# pub   rsa4096 2021-02-14 [SCE]
#       7051C470A929F454CEBE37B715AF5DAC6D745A60
# uid           Release Engineering <infrastructure@rockylinux.org>
Source31:       RPM-GPG-KEY-rockyofficial

# pub   rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
#      AC530D520F2F3269F5E98313A48449044AAD5C5D
# uid           [ unknown] Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
Source32:       debian-archive-key-11-security-A48449044AAD5C5D.asc

# pub   rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
#       1F89983E0081FDE018F3CC9673A4F27B8DD47936
# uid           [ unknown] Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
Source33:       debian-archive-key-11-73A4F27B8DD47936.asc

# pub   rsa4096 2021-02-13 [SC] [expires: 2029-02-11]
#       A4285295FC7B1A81600062A9605C66F00D6C9793
# uid           [ unknown] Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>
Source34:       debian-release-11-605C66F00D6C9793.asc

# pub   rsa2048 2019-10-21 [SCEA]
#       12EA74AC9DF48D46C69CA0BED557065EB25E7F66
# uid           private OBS (key without passphrase) <defaultkey@localobs>
Source35:       RPM-GPG-KEY-openEuler

# pub   rsa4096 2022-01-18 [SC]
#       BF18AC2876178908D6E71267D36CB86CB86B3716
# uid           AlmaLinux OS 9 <packager@almalinux.org>
Source36:       RPM-GPG-KEY-AlmaLinux-9

# pub   rsa4096 2022-01-19 [SC] [expires: 2042-01-14]
#       3E6D826D3FBAB389C2F38E34BC4D06A08D8B756F
# uid           Oracle Linux (release key 1) <secalert_us@oracle.com>
Source37:       RPM-GPG-KEY-oracle
 
# pub   rsa4096 2022-01-19 [SC] [expires: 2042-01-14]
#       982231759C7467065D0CE9B2A7DD07088B4EFBE6
# uid           Oracle Linux (backup key 1) <secalert_us@oracle.com>
Source38:       RPM-GPG-KEY-oracle-backup

# pub   rsa4096 2009-10-22 [SC]
#       567E347AD0044ADE55BA8A5F199E2F91FD431D51
# uid           [ unknown] Red Hat, Inc. (release key 2) <security@redhat.com>
Source39:       RPM-GPG-KEY-redhat-release

# pub   rsa4096 2022-03-09 [SC]
#       7E4624258C406535D56D6F135054E4A45A6340B3
# uid           [ unknown] Red Hat, Inc. (auxiliary key 3) <security@redhat.com>
Source40:       RPM-GPG-KEY-redhat-auxiliary

# pub   rsa4096 2022-05-09 [SC]
#       21CB256AE16FC54C6E652949702D426D350D275D
# uid           Rocky Enterprise Software Foundation - Release key 2022 <releng@rockylinux.org>
Source41:       RPM-GPG-KEY-Rocky-9

# pub   rsa4096 2022-09-21 [SC] [expires: 2026-09-20]
#       CCB57F6E2FA5D41B256E02B897A636DB0BAD8ECC
# uid           SUSE product addon <build-addon@suse.de>
Source42:       build-addon-0bad8ecc-632aff67.asc

# pub   rsa4096 2022-05-30 [SC] [expires: 2032-05-27]
#       F8CD9BBD5C9614F95CA85788177086FAB0F9C64F
# uid           SUSE Liberty Package Signing Key (v2) <suse-liberty-build-v2@suse.de>
Source43:       RPM-GPG-KEY-SUSE-Liberty-v2

#pub   rsa4096/0xA1BFC02BD588DC46 2023-01-19 [SC] [expires: 2033-01-16]
#      Key fingerprint = B56E 5601 41D8 F654 2DFF  3BF9 A1BF C02B D588 DC46
#uid                             SUSE Package Signing Key (reserve key) <build@suse.de>
Source44:	gpg-pubkey-d588dc46-63c939db.asc

#pub   rsa4096/0xF74F09BC3FA1D6CE 2023-01-19 [SC] [expires: 2027-01-18]
#      Key fingerprint = 7F00 9157 B127 B994 D5CF  BE76 F74F 09BC 3FA1 D6CE
#uid                             SUSE Package Signing Key <build@suse.de>
#
Source45:	gpg-pubkey-3fa1d6ce-63c9481c.asc

#pub   rsa4096/0x35A2F86E29B700A4 2022-06-20 [SC] [expires: 2026-06-19]
#      Key fingerprint = AD48 5664 E901 B867 051A  B15F 35A2 F86E 29B7 00A4
#uid                    openSUSE Project Signing Key <opensuse@opensuse.org>
Source46:	gpg-pubkey-29b700a4.asc

#pub   rsa4096/254CF3B5AEC0A8F0 2023-01-21 [SC] [verfällt: 2031-01-19]
#      05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0
#uid              Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
Source47:       debian-archive-key-12-security-254CF3B5AEC0A8F0.asc

#pub   rsa4096/B7C5D7D6350947F8 2023-01-21 [SC] [verfällt: 2031-01-19]
#      B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
#uid              Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
Source48:       debian-archive-key-12-B7C5D7D6350947F8.asc

#pub   ed25519/F8D2585B8783D481 2023-01-23 [SC] [verfällt: 2031-01-21]
#      4D64FEC119C2029067D6E791F8D2585B8783D481
#uid              Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>
Source49:       debian-release-12-F8D2585B8783D481.asc

#pub   rsa4096/8A49EB0325DB7AE0 2023-05-10 [SC] [verfällt: 2027-05-09]
#      F044C2C507A1262B538AAADD8A49EB0325DB7AE0
#uid              openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org>
Source50:      packagehub-gpg-pubkey-8A49EB0325DB7AE0.asc


# pub  1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
# SUSE supplied PTF (program temporary fixes) are signed by this key.
# supplied to be not imported by default
Source98:       suse_ptf_key_old-B37B98A9.asc

#pub   rsa2048 2022-02-25 [SC] [verfällt: 2026-02-24]
#      1604494D38DA2FA7AA2697AE46DFA05C6F5DA62B
#uid           SUSE PTF Signing Key <support@suse.com>
Source99:       suse_ptf_key-6F5DA62B.asc 

#pub   rsa4096/0x09461C70AF5425F7 2023-01-19 [SC] [expires: 2027-01-18]
#      Key fingerprint = 6D6C 8072 BF35 2152 3062  D823 0946 1C70 AF54 25F7
#uid                             SUSE PTF Signing Key <support@suse.com>
Source100:	suse_ptf_key_2023.asc

Source101: uyuni-build-keys.conf

BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch

%define pubring  var/lib/spacewalk/gpgdir/pubring.gpg
%define susering %{_prefix}/lib/uyuni/uyuni-build-keys.gpg

%if 0%{?rhel}
PreReq:         gpg
PreReq:         (coreutils or coreutils-single)
%else
PreReq:         fileutils
PreReq:         gpg
PreReq:         mktemp
PreReq:         sh-utils
%endif

%description
This package contains the gpg keys that are used to sign the
SUSE and opeSUSE rpm packages. The keys installed here are not
actually used by anything. rpm/zypper use the keys in the rpm
db instead.

%package web
Summary:        The public gpg keys for bootstrap use
Group:          System/Packages
Requires:       %{name} = %{version}-%{release}
Provides:       susemanager-build-keys-web = %{susemanager_build_keys_version}

%description web
This package contains the gpg keys that are used to sign the
SUSE and openSUSE rpm packages. These keys are installed in
the web enviroment to be used in a bootstrap script.

%prep
%setup -qcT

%build

touch uyuni-build-keys.gpg
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE2}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE3}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE4}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE5}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE6}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE7}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE8}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE9}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE10}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE11}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE12}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE13}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE14}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE15}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE16}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE17}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE18}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE19}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE20}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE21}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE22}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE23}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE24}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE25}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE26}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE27}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE28}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE29}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE30}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE31}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE32}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE33}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE34}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE35}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE36}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE37}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE38}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE39}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE40}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE41}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE42}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE43}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE44}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE45}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE46}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE47}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE48}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE49}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE50}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE98}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE99}
gpg --no-default-keyring --keyring ./uyuni-build-keys.gpg --import %{SOURCE100}

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/%{_prefix}/lib/uyuni/
mkdir -p $RPM_BUILD_ROOT/var/lib/spacewalk/gpgdir
install uyuni-build-keys.gpg $RPM_BUILD_ROOT/%{susering}
touch $RPM_BUILD_ROOT/%{pubring}
touch $RPM_BUILD_ROOT/%{pubring}~

mkdir -p $RPM_BUILD_ROOT%{gpgdirroot}/
install %{SOURCE2}  $RPM_BUILD_ROOT%{gpgdirroot}/sle12-gpg-pubkey-39db7c82.key
install %{SOURCE3}  $RPM_BUILD_ROOT%{gpgdirroot}/sle12-reserve-gpg-pubkey-50a3dd1c.key
install %{SOURCE4}  $RPM_BUILD_ROOT%{gpgdirroot}/sle11-gpg-pubkey-307e3d54.key
install %{SOURCE5}  $RPM_BUILD_ROOT%{gpgdirroot}/sle10-gpg-pubkey-9c800aca.key
install %{SOURCE6}  $RPM_BUILD_ROOT%{gpgdirroot}/res-gpg-pubkey-0182b964.key
install %{SOURCE7}  $RPM_BUILD_ROOT%{gpgdirroot}/opensuse-gpg-pubkey-3dbdc284.key
install %{SOURCE8}  $RPM_BUILD_ROOT%{gpgdirroot}/uyuni-gpg-pubkey-0d20833e.key
install %{SOURCE9}  $RPM_BUILD_ROOT%{gpgdirroot}/centos6-gpg-pubkey-c105b9de.key
install %{SOURCE10} $RPM_BUILD_ROOT%{gpgdirroot}/centos7-gpg-pubkey-f4a80eb5.key
install %{SOURCE11} $RPM_BUILD_ROOT%{gpgdirroot}/ubuntu-gpg-pubkey-3B4FE6ACC0B21F32.key
install %{SOURCE12} $RPM_BUILD_ROOT%{gpgdirroot}/ubuntu-gpg-pubkey-871920D1991BC93C.key
install %{SOURCE13} $RPM_BUILD_ROOT%{gpgdirroot}/ol67-gpg-pubkey-72F97B74EC551F03.key
install %{SOURCE14} $RPM_BUILD_ROOT%{gpgdirroot}/ol8-gpg-pubkey-82562EA9AD986DA3.key
install %{SOURCE15} $RPM_BUILD_ROOT%{gpgdirroot}/oes-gpg-pubkey-044ADAEE04881839.key
install %{SOURCE16} $RPM_BUILD_ROOT%{gpgdirroot}/oes-gpg-pubkey-57DA9A6804A29DB0.key
install %{SOURCE17} $RPM_BUILD_ROOT%{gpgdirroot}/centos8-gpg-pubkey-05B555B38483C65D.key
install %{SOURCE18} $RPM_BUILD_ROOT%{gpgdirroot}/packagehub-gpg-pubkey-65176565.key
install %{SOURCE19} $RPM_BUILD_ROOT%{gpgdirroot}/sle-container-gpg-pubkey-d4ade9c3.key
install %{SOURCE20} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-AA8E81B4331F7F50.key
install %{SOURCE21} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-AA8E81B4331F7F50.key
install %{SOURCE22} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-EF0F382A1A7B6500.key
install %{SOURCE23} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-648ACFD622F3D138.key
install %{SOURCE24} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-112695A0E562B32A.key
install %{SOURCE25} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-DCC9EFBF77E11517.key
install %{SOURCE26} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-7638D0442B90D010.key
install %{SOURCE27} $RPM_BUILD_ROOT%{gpgdirroot}/aliyunlinux2-gpg-pubkey-EFD752E7E232ED87.key
install %{SOURCE28} $RPM_BUILD_ROOT%{gpgdirroot}/amazonlinux2-gpg-pubkey-8312182E7F8CF5ED.key
install %{SOURCE29} $RPM_BUILD_ROOT%{gpgdirroot}/almalinux8-gpg-pubkey-488FCF7C3ABB34F8.key
install %{SOURCE30} $RPM_BUILD_ROOT%{gpgdirroot}/gpg-pubkey-d78c6b69-5fc7b9e7.key
install %{SOURCE31} $RPM_BUILD_ROOT%{gpgdirroot}/rockylinux8-gpg-pubkey-15AF5DAC6D745A60.key
install %{SOURCE32} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-A48449044AAD5C5D.key
install %{SOURCE33} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-73A4F27B8DD47936.key
install %{SOURCE34} $RPM_BUILD_ROOT%{gpgdirroot}/debian-gpg-pubkey-605C66F00D6C9793.key
install %{SOURCE35} $RPM_BUILD_ROOT%{gpgdirroot}/openeuler-gpg-pubkey-D557065EB25E7F66.key
install %{SOURCE36} $RPM_BUILD_ROOT%{gpgdirroot}/almalinux9-gpg-pubkey-D36CB86CB86B3716.key
install %{SOURCE37} $RPM_BUILD_ROOT%{gpgdirroot}/oracle-gpg-pubkey-BC4D06A08D8B756F.key
install %{SOURCE38} $RPM_BUILD_ROOT%{gpgdirroot}/oracle-gpg-pubkey-A7DD07088B4EFBE6.key
install %{SOURCE39} $RPM_BUILD_ROOT%{gpgdirroot}/redhat-release-gpg-pubkey-199E2F91FD431D51.key
install %{SOURCE40} $RPM_BUILD_ROOT%{gpgdirroot}/redhat-auxiliary-gpg-pubkey-5054E4A45A6340B3.key
install %{SOURCE41} $RPM_BUILD_ROOT%{gpgdirroot}/rockylinux9-gpg-pubkey-702D426D350D275D.key
install %{SOURCE42} $RPM_BUILD_ROOT%{gpgdirroot}/build-addon-97A636DB0BAD8ECC.key
install %{SOURCE43} $RPM_BUILD_ROOT%{gpgdirroot}/suse-liberty-v2-gpg-pubkey-177086FAB0F9C64F.key
install %{SOURCE44} $RPM_BUILD_ROOT%{gpgdirroot}/sle15-reserve-gpg-pubkey-d588dc46.key
install %{SOURCE45} $RPM_BUILD_ROOT%{gpgdirroot}/sle15-gpg-pubkey-3fa1d6ce.key
install %{SOURCE46} $RPM_BUILD_ROOT%{gpgdirroot}/opensuse-gpg-pubkey-29b700a4.key
install %{SOURCE47} $RPM_BUILD_ROOT%{gpgdirroot}/debian-archive-key-12-security-254CF3B5AEC0A8F0.key
install %{SOURCE48} $RPM_BUILD_ROOT%{gpgdirroot}/debian-archive-key-12-B7C5D7D6350947F8.key
install %{SOURCE49} $RPM_BUILD_ROOT%{gpgdirroot}/debian-release-12-F8D2585B8783D481.key
install %{SOURCE50} $RPM_BUILD_ROOT%{gpgdirroot}/packagehub-gpg-pubkey-8A49EB0325DB7AE0.key

install %{SOURCE98} $RPM_BUILD_ROOT%{gpgdirroot}/ptf-gpg-pubkey-b37b98a9.key # old ptf key
install %{SOURCE99} $RPM_BUILD_ROOT%{gpgdirroot}/ptf-gpg-pubkey-6f5da62b.key # new ptf key
install %{SOURCE100} $RPM_BUILD_ROOT%{gpgdirroot}/ptf-gpg-pubkey-af5425f7.key # 2023 rsa 4k ptf key

mkdir -p $RPM_BUILD_ROOT/etc/%{apache_name}/conf.d/
install %{SOURCE101} $RPM_BUILD_ROOT/etc/%{apache_name}/conf.d/uyuni-build-keys.conf

# install some keys in the salt FS structure to be able to deploy them to clients
mkdir -p $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/

install $RPM_BUILD_ROOT%{gpgdirroot}/res-gpg-pubkey-0182b964.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/res-gpg-pubkey-0182b964.key
install $RPM_BUILD_ROOT%{gpgdirroot}/sle12-gpg-pubkey-39db7c82.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/el-tools-gpg-pubkey-39db7c82.key
install $RPM_BUILD_ROOT%{gpgdirroot}/sle11-gpg-pubkey-307e3d54.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/el6-tools-gpg-pubkey-307e3d54.key
install $RPM_BUILD_ROOT%{gpgdirroot}/uyuni-gpg-pubkey-0d20833e.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/uyuni-tools-gpg-pubkey-0d20833e.key
install $RPM_BUILD_ROOT%{gpgdirroot}/build-addon-97A636DB0BAD8ECC.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/build-addon-97A636DB0BAD8ECC.key
install $RPM_BUILD_ROOT%{gpgdirroot}/suse-liberty-v2-gpg-pubkey-177086FAB0F9C64F.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/suse-liberty-v2-gpg-pubkey-177086FAB0F9C64F.key

# new ptf key not used yet via salt, but maybe needed when we release PTFs for 3rd party OSes
install $RPM_BUILD_ROOT%{gpgdirroot}/ptf-gpg-pubkey-6f5da62b.key $RPM_BUILD_ROOT/usr/share/susemanager/salt/gpg/ptf-gpg-pubkey-6f5da62b.key

%files
%defattr(644,root,root)
%attr(755,root,root) %dir %{_prefix}/lib/uyuni
%attr(755,root,root) %dir /var/lib/spacewalk/
%attr(755,root,root) %dir /var/lib/spacewalk/gpgdir
/%{susering}
%ghost /%{pubring}
%ghost /%{pubring}~

%post
if [ ! -f %{pubring} ]; then
    touch %{pubring}
fi
echo -n "importing Uyuni build key to rpm keyring... "
TF=`mktemp /tmp/gpg.XXXXXX`
if [ -z "$TF" ]; then
  echo "uyuni-build-keys::post: cannot make temporary file. Fatal error."
  exit 20
fi
if [ -z "$HOME" ]; then
  HOME=/root
  export HOME
fi
if [ ! -d "$HOME" ]; then
  mkdir "$HOME"
fi
gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true
# no kidding... gpg won't initialize correctly without being called twice.
gpg < /dev/null > /dev/null 2>&1 || true
gpg < /dev/null > /dev/null 2>&1 || true
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
         --keyring %{susering}    --export -a > $TF
a="$?"
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
         --keyring %{pubring}   --import < $TF
b="$?"
rm -f "$TF"
if [ "$a" = 0 -a "$b" = 0 ]; then
    echo "done."
else
    echo "importing the key from the file %{susering}"
    echo "returned an error. This should not happen. It may not be possible"
    echo "to properly verify the authenticity of rpm packages from SUSE sources."
    echo "The keyring containing the SUSE rpm package signing key can be found"
    echo "in the root directory of the first CD (DVD) of your SUSE product."
    exit -1
fi

# we need to trust them, otherwise the verify will fail
echo -n "Trusting Uyuni build keys... "
TF=`mktemp /tmp/gpg.XXXXXX`
if [ -z "$TF" ]; then
  echo "uyuni-build-keys::post: cannot make temporary file. Fatal error."
  exit 20
fi
gpg -q --batch --no-options --no-default-keyring --no-permission-warning \
    --keyring %{susering} --list-keys --with-fingerprint \
    --with-colons | grep fpr | awk -F: '{printf("%s:6:\n", $10);}' > $TF
c="$?"
gpg -q --batch --no-default-keyring --no-permission-warning \
    --homedir /var/lib/spacewalk/gpgdir/ --import-ownertrust < $TF
d="$?"
rm -f "$TF"
if [ "$c" = 0 -a "$d" = 0 ]; then
    echo "done."
else
    echo "trusting the key from the file %{susering}"
    echo "returned an error. This should not happen. It may not be possible"
    echo "to properly sync repositories using spacewalk-repo-sync."
    exit -1
fi

%files web
%defattr(644,root,root)
%dir  %{gpgdirroot}
%dir /usr/share/susemanager/
%dir /usr/share/susemanager/salt/
%dir /etc/%{apache_name}
%dir /etc/%{apache_name}/conf.d
/usr/share/susemanager/salt/gpg
%{gpgdirroot}/*.key
/etc/%{apache_name}/conf.d/uyuni-build-keys.conf

%changelog
* Wed Aug 23 2023 Stefan Bluhm <suse.com@bluhm-de.com>
- Parameterised Apache webserver name.
* Fri Aug  4 2023 Michele Bussolotto <michele.bussolotto@suse.com>
- Improve package to be more reliable in uyuni container
  * move files owned by the package from /srv/www/htdocs/pub to
    /usr/share/susemanager/gpg, in order to be stored in a no-persistent
    folder and prevent upgrade issues
  * create Rewrite rule for backward compatibility and prevent dangling links
    + Added: uyuni-build-keys.conf
* Thu Jun 15 2023 Michael Calmer <mc@suse.com>
- Version 2023.04.1
  * add Debian 12 (bookworm) GPG keys (bsc#1212363
    + Added:
    debian-archive-key-12-security-254CF3B5AEC0A8F0.asc
    debian-archive-key-12-B7C5D7D6350947F8.asc
    debian-release-12-F8D2585B8783D481.asc
  * add new 4096 bit RSA package hub key
    + Added: packagehub-gpg-pubkey-8A49EB0325DB7AE0.asc
* Tue Apr 18 2023 Michael Calmer <mc@suse.com>
- Version 2023.04
  * add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc
* Tue Feb 28 2023 Marcus Meissner <meissner@suse.com>
- Version 2023.03 (jsc#PED-2777):
  * add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
  * add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
  * add new 4096 bit RSA PTF key suse_ptf_key_2023.asc
* Wed Jan  4 2023 Michael Calmer <mc@suse.com>
- Version 2023.01:
  * add SUSE Liberty v2 key
    + Added: RPM-GPG-KEY-SUSE-Liberty-v2
* Thu Nov  3 2022 Michael Calmer <mc@suse.com>
- rename and update old SUSE PTF key
  * Removed: gpg-pubkey-b37b98a9-5aaa951b.asc
  * Added:   suse_ptf_key_old-B37B98A9.asc
- add new SUSE PTF Key
  * Added: suse_ptf_key-6F5DA62B.asc
* Mon Oct 17 2022 Julio González Gil <jgonzalez@suse.com>
- Version 2022.11:
  * Add rpmlintrc configuration, so "W: backup-file-in-package" for
    the keyring is ignored. We do not ship backup files, but we own them
    because they are created each time gpg is called, and we want them
    removed if the package is removed
- Added:
  - uyuni-build-keys.rpmlintrc
* Fri Oct  7 2022 Julio González Gil <jgonzalez@suse.com>
- Version 2022.10:
  * Add key for SUSE product addons (required for SUSE Manager EL9 client tools)
- Added:
  * build-addon-0bad8ecc-632aff67.asc
* Wed Aug 31 2022 Pablo Suárez Hernández <pablo.suarezhernandez@suse.com>
- Add release and auxiliary GPG keys for RedHat
- Add keys for Rocky Linux 9
- Added:
  * RPM-GPG-KEY-redhat-release
  * RPM-GPG-KEY-redhat-auxiliary
  * RPM-GPG-KEY-Rocky-9
* Thu Jun 30 2022 Raúl Osuna <rosuna@suse.com>
- Version 2022.07
  * Add openEuler 22.03 key
  * Add AlmaLinux 9 key
  * Add Oracle Linux 9 keys
  * Install keys for Client Tools Channels in salt filesystem to
    be able to deploy them to clients
  * add compatible version to susemanager-build-keys provides
- Added:
  * RPM-GPG-KEY-openEuler
  * RPM-GPG-KEY-AlmaLinux-9
  * RPM-GPG-KEY-oracle
  * RPM-GPG-KEY-oracle-backup
* Sun Mar  6 2022 Stefan Bluhm <stefan.bluhm@clacee.eu>
- Prepare for Enterprise Linux 9 build.
* Fri Aug 27 2021 Alexander Graul <alexander.graul@suse.com>
- 2021.09
- Add Debian 11 keys
- Added:
  * debian-archive-key-11-security-A48449044AAD5C5D.asc
  * debian-archive-key-11-73A4F27B8DD47936.asc
  * debian-release-11-605C66F00D6C9793.asc
* Mon Jul 12 2021 Stefan Bluhm <stefan.bluhm@clacee.eu>
- Parameterised Apache document root.
- Added gawk requirement (as awk alternative)
* Mon Jul 12 2021 Julio González Gil <jgonzalez@suse.com>
- 2021.07
- Add Rocky Linux 8
- Added:
  * RPM-GPG-KEY-rockyofficial
* Fri Jun  4 2021 Julio González Gil <jgonzalez@suse.com>
- 2021.06
- Add SLE15SP3 Updates for openSUSE Leap 15.3 key (bsc#1186852)
- Added:
  * gpg-pubkey-d78c6b69-5fc7b9e7.asc
* Tue Mar 30 2021 Julio González Gil <jgonzalez@suse.com>
- 2021.04
- Add Alibaba Cloud Linux 2 key
- Add Amazon Linux 2 key
- Add AlmaLinux 8 key
- Added:
  * RPM-GPG-KEY-ALIYUN
  * RPM-GPG-KEY-amazon-linux-2
  * RPM-GPG-KEY-AlmaLinux
* Thu Jan 21 2021 Michael Calmer <mc@suse.com>
- 2021.01
- Add Debian 8 Archive Key - required to verify Debian 9 successfully
  (bsc#1181233)
  Added:
  * debian-archive-key-8-7638D0442B90D010.asc
* Wed Jan 20 2021 Michael Calmer <mc@suse.com>
- Add Debian 9 and Debian 10 keys
  Added:
  * debian-archive-key-10-648ACFD622F3D138.asc
  * debian-archive-key-10-security-112695A0E562B32A.asc
  * debian-release-10-DCC9EFBF77E11517.asc
  * debian-archive-key-9-04EE7237B7D453EC.asc
  * debian-archive-key-9-security-AA8E81B4331F7F50.asc
  * debian-release-9-EF0F382A1A7B6500.asc
* Thu Nov 26 2020 Julio González Gil <jgonzalez@suse.com>
- Version 2020.11
- suse build key extended (bsc#1176759)
  gpg-pubkey-39db7c82-5847eb1f.asc -> gpg-pubkey-39db7c82-5f68629b.asc
- Add the SUSE Container GPG key as "". (PM-1845 bsc#1170347)
  build-container-d4ade9c3-5a2e9669.asc
- Replace "SuSE" user-facing references with "SUSE"
- Trust PackageHub key (bsc#1175103)
  Added:
  * packagehub-gpg-pubkey-65176565.asc
* Thu Jun  4 2020 Michael Calmer <mc@suse.com>
- version 2020.06
- Trust new keys from supported products (bsc#1172269)
  Added:
  * RPM-GPG-KEY-oracle-ol-6-7
  * RPM-GPG-KEY-oracle-ol8
  * oes-gpg-pubkey-044ADAEE04881839.asc
  * oes-gpg-pubkey-57DA9A6804A29DB0.asc
  * ubuntu-archive-2018-871920D1991BC93C.asc
  * ubuntu-archive-2012-3B4FE6ACC0B21F32.asc
  * RPM-GPG-KEY-CentOS-6
  * RPM-GPG-KEY-CentOS-7
  * RPM-GPG-KEY-CentOS-Official
* Fri Dec 14 2018 jgonzalez@suse.com
- Update Uyuni GPG public key
- Remove:
  * gpg-pubkey-af990fe4.asc
- Add:
  * gpg-pubkey-0d20833e.asc
* Thu May 31 2018 jgonzalez@suse.com
- Add openSUSE and Uyuni keys
* Thu Apr  5 2018 fkobzik@suse.de
- Add awk to 'Requires' as it is needed by a post install script
  (bsc#1082370)
* Fri Mar 23 2018 mc@suse.com
- version 12.0.1
- remove "encoded import date" part from gpg key filenames provided
  in the pub directory
* Fri Mar 16 2018 meissner@suse.com
- refreshed the build@suse.de key for sle10 and sle11 (bsc#1085512)
- also refreshed the ptf key (bsc#1085512)
* Thu Dec  8 2016 meissner@suse.com
- refreshed the SUSE build key, which expires 2017-01-31,
  gpg-pubkey-39db7c82-5847eb1f.asc (bsc#1014151)
* Thu Feb 12 2015 mc@suse.de
- automatically trust all imported SUSE keys
* Wed Feb  4 2015 mc@suse.de
- initial version