diff options
author | Todd Zullinger <tmz@pobox.com> | 2017-07-24 20:35:31 -0400 |
---|---|---|
committer | Todd Zullinger <tmz@pobox.com> | 2018-02-18 12:39:52 -0500 |
commit | bc633ab57d04c1585bda4ecb6177a9426679d004 (patch) | |
tree | de899ddd2c3b7ab31c72495829a10436516cf35d /cgit.spec | |
parent | 43bf0ff1652cba06c1c485ee4de5d36af2f75fa2 (diff) | |
download | cgit_EL6-bc633ab57d04c1585bda4ecb6177a9426679d004.tar.gz |
Use https for source URLs
When updating/rebuilding from the spec file, we can be a little more
secure in downloading the sources via https.
It would be nice to check GPG signatures for the tarballs, but upstream
cgit does not provide such signatures (they sign the git tag, but that
doesn't help us here). We _could_ check the git tarball signature,
borrowing the code from the %prep section of the git spec file.
Diffstat (limited to 'cgit.spec')
-rw-r--r-- | cgit.spec | 11 |
1 files changed, 7 insertions, 4 deletions
@@ -36,14 +36,14 @@ make V=1 %{?_smp_mflags} \\\ Name: cgit Version: 1.1 -Release: 9%{?dist} +Release: 10%{?dist} Summary: A fast web interface for git Group: Development/Tools License: GPLv2 -URL: http://git.zx2c4.com/cgit/ -Source0: http://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz -Source1: http://www.kernel.org/pub/software/scm/git//git-%{gitver}.tar.xz +URL: https://git.zx2c4.com/cgit/ +Source0: https://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz +Source1: https://www.kernel.org/pub/software/scm/git//git-%{gitver}.tar.xz Source2: cgitrc Source3: README.SELinux @@ -158,6 +158,9 @@ install -d -m0755 %{buildroot}%{cachedir} %changelog +* Sun Feb 18 2018 Todd Zullinger <tmz@pobox.com> - 1.1-10 +- Use https for source URLs + * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild |