Commit Graph

1 Commits

Author SHA1 Message Date
Todd Zullinger
0d72a6cf5c spec: verify upstream source signature
Per the Fedora packaging guidelines¹.

The GPG key was generated using details found on the wiki².  The
following commands can be used to fetch the signing key via fingerprint
and extract it:

    fpr=0E63D716D76AC080A4A33513F40800B6298EB963
    gpg --keyserver keys.openpgp.org --receive-keys $fpr
    gpg --armor --export-options export-minimal --export $fpr >gpgkey-$fpr.asc

¹ https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures
² https://www.freeipa.org/page/Verify_Release_Signature

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2023-04-18 08:32:54 +02:00