From 8167a8a8c4941cd0dc4daac94d9695449bdc4b29 Mon Sep 17 00:00:00 2001 From: Saravanan Somasundaram Date: Mon, 10 Aug 2020 17:45:03 -0400 Subject: [PATCH] Fixing Repo Path & GPG Keys for Prod --- .../mariner-repos/MICROSOFT-METADATA-GPG-KEY | 19 +++++++++++ SPECS/mariner-repos/MICROSOFT-RPM-GPG-KEY | 34 +++++++++---------- .../mariner-repos/mariner-official-base.repo | 2 +- .../mariner-official-update.repo | 2 +- .../mariner-repos.signatures.json | 7 ++-- SPECS/mariner-repos/mariner-repos.spec | 13 ++++--- toolkit/Makefile | 6 ++-- toolkit/docs/building/building.md | 6 ++-- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 2 +- 12 files changed, 61 insertions(+), 36 deletions(-) create mode 100644 SPECS/mariner-repos/MICROSOFT-METADATA-GPG-KEY diff --git a/SPECS/mariner-repos/MICROSOFT-METADATA-GPG-KEY b/SPECS/mariner-repos/MICROSOFT-METADATA-GPG-KEY new file mode 100644 index 0000000000..dafecd3b9a --- /dev/null +++ b/SPECS/mariner-repos/MICROSOFT-METADATA-GPG-KEY @@ -0,0 +1,19 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.7 (GNU/Linux) + +mQENBFYxWIwBCADAKoZhZlJxGNGWzqV+1OG1xiQeoowKhssGAKvd+buXCGISZJwT +LXZqIcIiLP7pqdcZWtE9bSc7yBY2MalDp9Liu0KekywQ6VVX1T72NPf5Ev6x6DLV +7aVWsCzUAF+eb7DC9fPuFLEdxmOEYoPjzrQ7cCnSV4JQxAqhU4T6OjbvRazGl3ag +OeizPXmRljMtUUttHQZnRhtlzkmwIrUivbfFPD+fEoHJ1+uIdfOzZX8/oKHKLe2j +H632kvsNzJFlROVvGLYAk2WRcLu+RjjggixhwiB+Mu/A8Tf4V6b+YppS44q8EvVr +M+QvY7LNSOffSO6Slsy9oisGTdfE39nC7pVRABEBAAG0N01pY3Jvc29mdCAoUmVs +ZWFzZSBzaWduaW5nKSA8Z3Bnc2VjdXJpdHlAbWljcm9zb2Z0LmNvbT6JATUEEwEC +AB8FAlYxWIwCGwMGCwkIBwMCBBUCCAMDFgIBAh4BAheAAAoJEOs+lK2+EinPGpsH +/32vKy29Hg51H9dfFJMx0/a/F+5vKeCeVqimvyTM04C+XENNuSbYZ3eRPHGHFLqe +MNGxsfb7C7ZxEeW7J/vSzRgHxm7ZvESisUYRFq2sgkJ+HFERNrqfci45bdhmrUsy +7SWw9ybxdFOkuQoyKD3tBmiGfONQMlBaOMWdAsic965rvJsd5zYaZZFI1UwTkFXV +KJt3bp3Ngn1vEYXwijGTa+FXz6GLHueJwF0I7ug34DgUkAFvAs8Hacr2DRYxL5RJ +XdNgj4Jd2/g6T9InmWT0hASljur+dJnzNiNCkbn9KbX7J/qK1IbR8y560yRmFsU+ +NdCFTW7wY0Fb1fWJ+/KTsC4= +=J6gs +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/SPECS/mariner-repos/MICROSOFT-RPM-GPG-KEY b/SPECS/mariner-repos/MICROSOFT-RPM-GPG-KEY index 6e319d453b..7c6b5b1483 100644 --- a/SPECS/mariner-repos/MICROSOFT-RPM-GPG-KEY +++ b/SPECS/mariner-repos/MICROSOFT-RPM-GPG-KEY @@ -1,19 +1,19 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.7 (GNU/Linux) +Version: BSN Pgp v1.1.0.0 -mQENBFYxWIwBCADAKoZhZlJxGNGWzqV+1OG1xiQeoowKhssGAKvd+buXCGISZJwT -LXZqIcIiLP7pqdcZWtE9bSc7yBY2MalDp9Liu0KekywQ6VVX1T72NPf5Ev6x6DLV -7aVWsCzUAF+eb7DC9fPuFLEdxmOEYoPjzrQ7cCnSV4JQxAqhU4T6OjbvRazGl3ag -OeizPXmRljMtUUttHQZnRhtlzkmwIrUivbfFPD+fEoHJ1+uIdfOzZX8/oKHKLe2j -H632kvsNzJFlROVvGLYAk2WRcLu+RjjggixhwiB+Mu/A8Tf4V6b+YppS44q8EvVr -M+QvY7LNSOffSO6Slsy9oisGTdfE39nC7pVRABEBAAG0N01pY3Jvc29mdCAoUmVs -ZWFzZSBzaWduaW5nKSA8Z3Bnc2VjdXJpdHlAbWljcm9zb2Z0LmNvbT6JATUEEwEC -AB8FAlYxWIwCGwMGCwkIBwMCBBUCCAMDFgIBAh4BAheAAAoJEOs+lK2+EinPGpsH -/32vKy29Hg51H9dfFJMx0/a/F+5vKeCeVqimvyTM04C+XENNuSbYZ3eRPHGHFLqe -MNGxsfb7C7ZxEeW7J/vSzRgHxm7ZvESisUYRFq2sgkJ+HFERNrqfci45bdhmrUsy -7SWw9ybxdFOkuQoyKD3tBmiGfONQMlBaOMWdAsic965rvJsd5zYaZZFI1UwTkFXV -KJt3bp3Ngn1vEYXwijGTa+FXz6GLHueJwF0I7ug34DgUkAFvAs8Hacr2DRYxL5RJ -XdNgj4Jd2/g6T9InmWT0hASljur+dJnzNiNCkbn9KbX7J/qK1IbR8y560yRmFsU+ -NdCFTW7wY0Fb1fWJ+/KTsC4= -=J6gs ------END PGP PUBLIC KEY BLOCK----- +mQENBF5v2nQBCADD+o8FgJQUcV9QTgdOTrYo8VtwHNOtTI1WWki8cUx+pI+aarHo +zYN3/QQj+a5lALWeWM/w+aT1q/xGBBkmr9Qo5xWaXeiKZaMVv3H+1HIOjVvrWOHX +zm+FvONB2fwAOclq9p7YaMqWtn4GckxD2YXhkTW0Y4kM+TcMTgSCiGKskjnmTfHw +G+SI9av/CZvqqfNZkdIuNTS9eSqTTenCKkgLvYRKSpkhZj1OuB/iTu+xK0BuoVns +jmju/Fw+tBrcdu3Q1sRXDrh8lnZgHxQUxHjwnyMlTM8a9N2qCgnu+SQjNyk3NXgi +dGSFkdtaF/Z+KNwG10XVs1jzjO/rtsrvrwJvABEBAAG0Ok1hcmluZXIgUlBNIFJl +bGVhc2UgU2lnbmluZyA8bWFyaW5lcnJwbXByb2RAbWljcm9zb2Z0LmNvbT6JATgE +EwEIACIFAl5v2nQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAzZ/tMx +Nc6QfaMH/iqp4Uyd66rAC2tSILWrH6RLkf05TIE0GZheqQkEO7a/Khy3u/Ej/HgC +QUlIC7yrJJGfNCyAx44Z/QsnrWz5EqVZOvjgY9MDpmzfve7KqmbnDBjmbSc6g8IH +HcgUYyfTHEUj69IfgNyJK4Io1vi1WgY/sesAn2ZPpoeT3ihH5FqH7dQkGWeGg1bA +FIaVXm+gMAssaj+k52g/+CnY4KZUHrSkg48OoRB+2a6FqGS8BLeCa+v+zaJCk2fz +EI/NeJwL4Asz1F4AwkEu5X9y8eEGArCXoP0OpYpCxIBZ+7MiKKDOoNf0a/0nOhvs +29LIIOnG+x0/RDfRgFObrF9geKpVTpI= +=ZhFE +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/SPECS/mariner-repos/mariner-official-base.repo b/SPECS/mariner-repos/mariner-official-base.repo index 989551a572..2f6e6770a9 100755 --- a/SPECS/mariner-repos/mariner-official-base.repo +++ b/SPECS/mariner-repos/mariner-official-base.repo @@ -1,6 +1,6 @@ [mariner-official-base] name=CBL-Mariner Official Base $releasever $basearch -baseurl=https://packages.microsoft.com/yumrepos/cbl-mariner-$releasever-prod−base-$basearch-rpms +baseurl=https://packages.microsoft.com/cbl-mariner/$releasever/prod/base/$basearch/rpms/ gpgkey=file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY enabled=1 gpgcheck=0 diff --git a/SPECS/mariner-repos/mariner-official-update.repo b/SPECS/mariner-repos/mariner-official-update.repo index b887877165..160c866da0 100755 --- a/SPECS/mariner-repos/mariner-official-update.repo +++ b/SPECS/mariner-repos/mariner-official-update.repo @@ -1,6 +1,6 @@ [mariner-official-update] name=CBL-Mariner Official Update $releasever $basearch -baseurl=https://packages.microsoft.com/yumrepos/cbl-mariner-$releasever-prod-update-$basearch-rpms +baseurl=https://packages.microsoft.com/cbl-mariner/$releasever/prod/update/$basearch/rpms/ gpgkey=file:///etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY gpgcheck=0 enabled=1 diff --git a/SPECS/mariner-repos/mariner-repos.signatures.json b/SPECS/mariner-repos/mariner-repos.signatures.json index 8a983f5a7b..3823856e24 100644 --- a/SPECS/mariner-repos/mariner-repos.signatures.json +++ b/SPECS/mariner-repos/mariner-repos.signatures.json @@ -1,7 +1,8 @@ { "Signatures": { - "MICROSOFT-RPM-GPG-KEY": "2cfd20a306b2fa5e25522d78f2ef50a1f429d35fd30bd983e2ebffc2b80944fa", - "mariner-official-base.repo": "e551fdc398d9b4c098b403fe0e176b758a6a5450d22d178b0bbc0beb29398771", - "mariner-official-update.repo": "b2002481315f5f10e6222dd219e76251501611423bc1559288a9a25ed2b8cc4e" + "MICROSOFT-RPM-GPG-KEY": "eb12973679a692551df1cd803cc99ce56a74d7357e24530ce003bd4846134a6c", + "MICROSOFT-METADATA-GPG-KEY": "c29e5709ec534383acf34a0da5ffce45313bc175a94f14b9f0414d376933e78f", + "mariner-official-base.repo": "56a5a8ef0b9008c0ada68ac61362501238bae433512f62c3e967849f9cf3c9ae", + "mariner-official-update.repo": "54e30c0cd07caf3513a6bbb4b0df70ea63e60475512199179135c36dd53562dd" } } \ No newline at end of file diff --git a/SPECS/mariner-repos/mariner-repos.spec b/SPECS/mariner-repos/mariner-repos.spec index 19019b462d..cf14c08a1f 100644 --- a/SPECS/mariner-repos/mariner-repos.spec +++ b/SPECS/mariner-repos/mariner-repos.spec @@ -1,13 +1,14 @@ Summary: CBL-Mariner repo files, gpg keys Name: mariner-repos Version: 1.0 -Release: 7%{?dist} +Release: 8%{?dist} License: Apache License Group: System Environment/Base URL: https://aka.ms/mariner Source0: MICROSOFT-RPM-GPG-KEY -Source1: mariner-official-base.repo -Source2: mariner-official-update.repo +Source1: MICROSOFT-METADATA-GPG-KEY +Source2: mariner-official-base.repo +Source3: mariner-official-update.repo Vendor: Microsoft Corporation Distribution: mariner Provides: mariner-repos @@ -19,11 +20,12 @@ CBL-Mariner repo files and gpg keys %install rm -rf $RPM_BUILD_ROOT install -d -m 755 $RPM_BUILD_ROOT/etc/yum.repos.d -install -m 644 %{SOURCE1} $RPM_BUILD_ROOT/etc/yum.repos.d install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/etc/yum.repos.d +install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/yum.repos.d install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-gpg install -m 644 %{SOURCE0} $RPM_BUILD_ROOT/etc/pki/rpm-gpg +install -m 644 %{SOURCE1} $RPM_BUILD_ROOT/etc/pki/rpm-gpg %clean rm -rf $RPM_BUILD_ROOT @@ -32,10 +34,13 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root,-) %dir /etc/yum.repos.d /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY +/etc/pki/rpm-gpg/MICROSOFT-METADATA-GPG-KEY %config(noreplace) /etc/yum.repos.d/mariner-official-base.repo %config(noreplace) /etc/yum.repos.d/mariner-official-update.repo %changelog +* Mon Aug 10 2020 Saravanan Somasundaram - 1.0-8 +- Adding Metadata Key and Updating to Prod GPG Key. * Fri Jul 31 2020 Pawel Winogrodzki - 1.0-7 - Fixing distro name. * Fri Jul 17 2020 Andrew Phelps 1.0-6 diff --git a/toolkit/Makefile b/toolkit/Makefile index 73c3b15d2b..0893d48bea 100644 --- a/toolkit/Makefile +++ b/toolkit/Makefile @@ -84,9 +84,9 @@ endif # External source server SOURCE_URL ?= -PACKAGE_URL ?= https://packages.microsoft.com/yumrepos/cbl-mariner-$(RELEASE_MAJOR_ID)-prod-base-$(build_arch)-rpms -PACKAGE_UPDATE_URL ?= https://packages.microsoft.com/yumrepos/cbl-mariner-$(RELEASE_MAJOR_ID)-prod-update-$(build_arch)-rpms -SRPM_URL ?= https://packages.microsoft.com/yumrepos/cbl-mariner-$(RELEASE_MAJOR_ID)-prod-base-srpms +PACKAGE_URL ?= https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/prod/base/$(build_arch)/rpms +PACKAGE_UPDATE_URL ?= https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/prod/update/$(build_arch)/rpms +SRPM_URL ?= https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/prod/base/srpms REPO_LIST ?= CA_CERT ?= TLS_CERT ?= diff --git a/toolkit/docs/building/building.md b/toolkit/docs/building/building.md index 37e5bb495b..30e71ae73b 100644 --- a/toolkit/docs/building/building.md +++ b/toolkit/docs/building/building.md @@ -158,9 +158,9 @@ The build system pulls files two ways: Direct file downloads are by default pulled from: ```makefile SOURCE_URL ?= -PACKAGE_URL ?= https://packages.microsoft.com/yumrepos/cbl-mariner-$(RELEASE_MAJOR_ID)-prod-base-$(build_arch)-rpms -PACKAGE_UPDATE_URL ?= https://packages.microsoft.com/yumrepos/cbl-mariner-$(RELEASE_MAJOR_ID)-prod-update-$(build_arch)-rpms -SRPM_URL ?= https://packages.microsoft.com/yumrepos/cbl-mariner-$(RELEASE_MAJOR_ID)-prod-base-srpms +PACKAGE_URL ?= https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/prod/base/$(build_arch)/rpms +PACKAGE_UPDATE_URL ?= https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/prod/update/$(build_arch)/rpms +SRPM_URL ?= https://packages.microsoft.com/cbl-mariner/$(RELEASE_MAJOR_ID)/prod/base/srpms ``` While `tdnf` uses a list of repo files: ```makefile diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index ef5794a36a..e428390ce2 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -146,7 +146,7 @@ krb5-1.17-2.cm1.aarch64.rpm lua-5.3.5-4.cm1.aarch64.rpm mariner-rpm-macros-1.0-3.cm1.noarch.rpm mariner-check-macros-1.0-3.cm1.noarch.rpm -mariner-repos-1.0-7.cm1.noarch.rpm +mariner-repos-1.0-8.cm1.noarch.rpm libffi-3.2.1-10.cm1.aarch64.rpm libtasn1-4.14-2.cm1.aarch64.rpm p11-kit-0.23.16.1-2.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 76b08f721a..20ee0e7826 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -146,7 +146,7 @@ krb5-1.17-2.cm1.x86_64.rpm lua-5.3.5-4.cm1.x86_64.rpm mariner-rpm-macros-1.0-3.cm1.noarch.rpm mariner-check-macros-1.0-3.cm1.noarch.rpm -mariner-repos-1.0-7.cm1.noarch.rpm +mariner-repos-1.0-8.cm1.noarch.rpm libffi-3.2.1-10.cm1.x86_64.rpm libtasn1-4.14-2.cm1.x86_64.rpm p11-kit-0.23.16.1-2.cm1.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 17c052567e..41db2d9829 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -236,7 +236,7 @@ make-4.2.1-4.cm1.aarch64.rpm make-debuginfo-4.2.1-4.cm1.aarch64.rpm mariner-check-macros-1.0-3.cm1.noarch.rpm mariner-release-1.0-6.cm1.noarch.rpm -mariner-repos-1.0-7.cm1.noarch.rpm +mariner-repos-1.0-8.cm1.noarch.rpm mariner-rpm-macros-1.0-3.cm1.noarch.rpm meson-0.49.2-1.cm1.noarch.rpm mpfr-4.0.1-3.cm1.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 8a3cb8da08..9ef9c41988 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -236,7 +236,7 @@ make-4.2.1-4.cm1.x86_64.rpm make-debuginfo-4.2.1-4.cm1.x86_64.rpm mariner-check-macros-1.0-3.cm1.noarch.rpm mariner-release-1.0-6.cm1.noarch.rpm -mariner-repos-1.0-7.cm1.noarch.rpm +mariner-repos-1.0-8.cm1.noarch.rpm mariner-rpm-macros-1.0-3.cm1.noarch.rpm meson-0.49.2-1.cm1.noarch.rpm mpfr-4.0.1-3.cm1.x86_64.rpm