From 62b41f900315681f6e84c42e8e98908657f5e607 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: May 05 2016 01:54:52 +0000 Subject: Check tarball signature I cannot really check that the key is valid, apart from the fact that the person in control of the github repository uploaded a signature with this key. So this check is nothing more than TOFU, but I think it's still useful for the future. --- diff --git a/python-dateutil.spec b/python-dateutil.spec index 7eb359c..73ad115 100644 --- a/python-dateutil.spec +++ b/python-dateutil.spec @@ -10,9 +10,12 @@ Group: Development/Languages License: Python URL: https://github.com/dateutil/dateutil Source0: https://github.com/dateutil/dateutil/releases/download/%{version}/python-dateutil-%{version}.tar.xz +Source1: https://github.com/dateutil/dateutil/releases/download/%{version}/python-dateutil-%{version}.tar.xz.asc +Source2: key-D964BEFB.gpg BuildArch: noarch BuildRequires: python-sphinx +BuildRequires: gnupg2 %description The dateutil module provides powerful extensions to the standard datetime @@ -56,6 +59,7 @@ Summary: API documentation for python-dateutil This package contains %{summary}. %prep +gpgv2 --homedir . --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %autosetup -p0 iconv --from=ISO-8859-1 --to=UTF-8 NEWS > NEWS.new mv NEWS.new NEWS
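Review bot: In the first hunk, "Source2: key-D964BEFB.gpg" identifies the pinned key only by its 32-bit short key ID, and short IDs are not unique. Add a spec comment above Source2 recording the key's full fingerprint and where the key file was obtained, so that whoever later replaces the file can confirm it is still the same key. The commit message says the trust here is first-use only, but nothing in the spec itself says so.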
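Review bot: In the %prep hunk, "gpgv2 --homedir . --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}" accepts a good signature from any key present in %{SOURCE2}, and gpgv treats every key in the keyring as trusted without checking expiry or revocation. The key file should therefore contain exactly the one upstream key, and a one-line comment above the command should say so. Placing the check ahead of %autosetup is correct, since the tarball is then verified before it is unpacked. It may also be worth noting in a comment that "--homedir ." points at the build directory, so that the command does not depend on the builder's own GnuPG home.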