[arch-commits] Commit in python-jwcrypto/trunk (PKGBUILD)

Chih-Hsuan Yen yan12125 at gemini.archlinux.org
Sat Aug 28 16:38:06 UTC 2021 

    Date: Saturday, August 28, 2021 @ 16:38:06
  Author: yan12125
Revision: 1007774

upgpkg: python-jwcrypto 1.0-1

* Switch to signed git tags
* python-six is no longer needed after https://github.com/latchset/jwcrypto/pull/219

Modified:
  python-jwcrypto/trunk/PKGBUILD

----------+
 PKGBUILD |   25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-08-28 16:30:26 UTC (rev 1007773)
+++ PKGBUILD	2021-08-28 16:38:06 UTC (rev 1007774)
@@ -3,33 +3,40 @@
 
 _pkgname=jwcrypto
 pkgname=python-$_pkgname
-pkgver=0.9.1
+pkgver=1.0
+# git rev-parse v1.0.0.sig
+_tag=8040a603b5281cdc5876aa4b0c771f30fe60de62
 pkgrel=1
 pkgdesc='Python implementation of JWK, JWS, JWE specifications'
 arch=(any)
 url='https://github.com/latchset/jwcrypto'
 license=(LGPL3)
-depends=(python python-cryptography python-six python-deprecated)
-makedepends=(python-setuptools)
+depends=(python python-cryptography python-deprecated)
+makedepends=(git python-setuptools)
 checkdepends=(python-pytest)
-source=("https://files.pythonhosted.org/packages/source/j/$_pkgname/$_pkgname-$pkgver.tar.gz"{,.asc})
-sha256sums=('63531529218ba9869e14ef8c9e7b516865ede3facf9b0ef3d3ba68014da211f9'
-            'SKIP')
+source=("git+$url?signed#tag=$_tag")
+sha256sums=('SKIP')
+# PyPI sdists for older versions are signed by tiran's key. Since version 1.0,
+# PyPI sdists are not signed, and tiran didn't declare transition of the
+# signing key for some reason. I temporarily trust simo5's signed git tags as
+# the @redhat.com UID in their key has been verified on keys.openpgp.org.
+# See https://github.com/latchset/jwcrypto/issues/230 for more details.
 validpgpkeys=(
   'BB97AF8BC4E7A5C0D96223D3C788C4C1D4550D45'  # https://github.com/tiran
+  '7C7BD146943B206BB645B64594EAD67E004B65AB'  # Simo Sorce <simo at redhat.com>
 )
 
 build() {
-  cd $_pkgname-$pkgver
+  cd $_pkgname
   python setup.py build
 }
 
 check() {
-  cd $_pkgname-$pkgver
+  cd $_pkgname
   pytest
 }
 
 package() {
-  cd $_pkgname-$pkgver
+  cd $_pkgname
   python setup.py install --root="$pkgdir" --optimize=1 --skip-build
 }

More information about the arch-commits mailing list