From 4206550fa354ddad7ec0914467a86a57e8d5df60 Mon Sep 17 00:00:00 2001
From: Eli Young <elyscape@gmail.com>
Date: Dec 04 2019 20:51:09 +0000
Subject: Verify source OpenPGP signature


---

diff --git a/.gitignore b/.gitignore
index 7ee66cc..634017d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@
 /certbot-nginx-0.37.2.tar.gz
 /certbot-nginx-0.38.0.tar.gz
 /certbot-nginx-0.39.0.tar.gz
+/certbot-nginx-0.39.0.tar.gz.asc
diff --git a/gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg b/gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg
new file mode 100644
index 0000000..013feed
Binary files /dev/null and b/gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg differ
diff --git a/python-certbot-nginx.spec b/python-certbot-nginx.spec
index d0a572c..4361f36 100644
--- a/python-certbot-nginx.spec
+++ b/python-certbot-nginx.spec
@@ -1,4 +1,4 @@
-%global pyname certbot-nginx
+%global pypi_name certbot-nginx
 
 %if 0%{?fedora}
 %bcond_without python3
@@ -12,14 +12,20 @@
 %bcond_without python2
 %endif
 
-Name:       python-%{pyname}
+Name:       python-%{pypi_name}
 Version:    0.39.0
-Release:    1%{?dist}
+Release:    2%{?dist}
 Summary:    The nginx plugin for certbot
 
 License:    ASL 2.0
 URL:        https://pypi.python.org/pypi/certbot-nginx
-Source0:    https://files.pythonhosted.org/packages/source/c/%{pyname}/%{pyname}-%{version}.tar.gz
+Source0:        %{pypi_source}
+Source1:        %{pypi_source}.asc
+# Key mentioned in https://certbot.eff.org/docs/install.html#certbot-auto
+# Keyring generation steps as follows:
+#   gpg2 --keyserver pool.sks-keyservers.net --recv-key A2CFB51FA275A7286234E7B24D17C995CD9775F2
+#   gpg2 --export --export-options export-minimal A2CFB51FA275A7286234E7B24D17C995CD9775F2 > gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg
+Source2:        gpg-A2CFB51FA275A7286234E7B24D17C995CD9775F2.gpg
 
 BuildArch:      noarch
 
@@ -52,14 +58,17 @@ BuildRequires: python3-pyparsing
 BuildRequires: python3-pytest
 %endif
 
+# Used to verify OpenPGP signature
+BuildRequires:  gnupg2
+
 %description
 Plugin for certbot that allows for automatic configuration of ngnix
 
 %if %{with python2}
-%package -n python2-%{pyname}
+%package -n python2-%{pypi_name}
 # Provide the name users expect as a certbot plugin
 %if ( 0%{?rhel} && 0%{?rhel} <= 7 ) || ( 0%{?fedora} && 0%{?fedora} <= 25 )
-Provides:      %{pyname} = %{version}-%{release}
+Provides:      %{pypi_name} = %{version}-%{release}
 %endif
 # Although a plugin for the certbot command it's technically
 # an extension to the certbot python libraries
@@ -77,17 +86,17 @@ Recommends:    certbot >= 0.35.0
 Requires:      certbot >= 0.35.0
 %endif
 Summary:     The nginx plugin for certbot
-%{?python_provide:%python_provide python2-%{pyname}}
+%{?python_provide:%python_provide python2-%{pypi_name}}
 
-%description -n python2-%{pyname}
+%description -n python2-%{pypi_name}
 Plugin for certbot that allows for automatic configuration of nginx
 %endif
 
 %if %{with python3}
-%package -n python3-%{pyname}
+%package -n python3-%{pypi_name}
 # Provide the name users expect as a certbot plugin
 %if 0%{?fedora} >= 26
-Provides:      %{pyname} = %{version}-%{release}
+Provides:      %{pypi_name} = %{version}-%{release}
 %endif
 # Although a plugin for the certbot command it's technically
 # an extension to the certbot python libraries
@@ -101,14 +110,15 @@ Recommends:    certbot >= 0.35.0
 Requires:      certbot >= 0.35.0
 %endif
 Summary:     The nginx plugin for certbot
-%{?python_provide:%python_provide python3-%{pyname}}
+%{?python_provide:%python_provide python3-%{pypi_name}}
 
-%description -n python3-%{pyname}
+%description -n python3-%{pypi_name}
 Plugin for certbot that allows for automatic configuration of nginx
 %endif
 
 %prep
-%autosetup -p1 -n %{pyname}-%{version}
+%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
+%autosetup -p1 -n %{pypi_name}-%{version}
 
 %build
 %if %{with python2}
@@ -136,7 +146,7 @@ Plugin for certbot that allows for automatic configuration of nginx
 %endif
 
 %if %{with python2}
-%files -n python2-%{pyname}
+%files -n python2-%{pypi_name}
 %license LICENSE.txt
 %doc README.rst
 %{python2_sitelib}/certbot_nginx
@@ -145,7 +155,7 @@ Plugin for certbot that allows for automatic configuration of nginx
 %endif
 
 %if %{with python3}
-%files -n python3-%{pyname}
+%files -n python3-%{pypi_name}
 %license LICENSE.txt
 %doc README.rst
 %{python3_sitelib}/certbot_nginx
@@ -154,6 +164,9 @@ Plugin for certbot that allows for automatic configuration of nginx
 %endif
 
 %changelog
+* Wed Dec 04 2019 Eli Young <elyscape@gmail.com> - 0.39.0-2
+- Verify source OpenPGP signature
+
 * Tue Oct 01 2019 Eli Young <elyscape@gmail.com> - 0.39.0-1
 - Update to 0.39.0 (#1757588)
 
diff --git a/sources b/sources
index 74fded4..debeee8 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
 SHA512 (certbot-nginx-0.39.0.tar.gz) = cd318a73f892b41d44adf5fa4fbb7fadc90fe5fe78e912e8d2658ef757d16e71822424a3692deb8303140b4ef68d7dc8a1aee8b06ad0aec06bfa2ca66101592a
+SHA512 (certbot-nginx-0.39.0.tar.gz.asc) = 1af7763c3926ea017493c78f4c159787ec74019b50a0b096bacd95ad769d44eebbc7ba73838df2ad51ee99edf634cf5dfb11f9510b5e22853fe2401038c5bee8