author | CoprDistGit <infra@openeuler.org> | 2023-07-09 07:14:11 +0000 |
---|---|---|
committer | CoprDistGit <infra@openeuler.org> | 2023-07-09 07:14:11 +0000 |
commit | 5b01b8390024453918ac9830f5d9ed98c60c2426 (patch) | |
tree | a286974f6346da86ea646e9ff156dad81dba2de3 | |
parent | f9398932d4357b140babbd5e8ce2ef0a1597dad7 (diff) |
automatic import of obs-signdopeneuler23.03
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | 0001-Rename-option-files-are-digests-to-file-is-digest.patch | 40 | ||||
-rw-r--r-- | 0002-fixes-user-id-matching-to-provide-unique-results.patch | 99 | ||||
-rw-r--r-- | 0003-Implement-allow-unprivileged-ports-for-the-client.patch | 134 | ||||
-rw-r--r-- | obs-signd.spec | 209 | ||||
-rw-r--r-- | sources | 1 |
6 files changed, 484 insertions, 0 deletions
@@ -0,0 +1 @@
+/2.6.1.tar.gz
diff --git a/0001-Rename-option-files-are-digests-to-file-is-digest.patch b/0001-Rename-option-files-are-digests-to-file-is-digest.patch
new file mode 100644
index 0000000..5291d10
--- /dev/null
+++ b/0001-Rename-option-files-are-digests-to-file-is-digest.patch
@@ -0,0 +1,40 @@
+From f4713b1094031d7c71b69579d555c0537280f5c5 Mon Sep 17 00:00:00 2001
+From: Josef Stribny <jstribny@redhat.com>
+Date: Tue, 27 May 2014 12:20:35 +0200
+Subject: [PATCH 1/2] Rename option --files-are-digests to --file-is-digest
+
+---
+
+diff -Naur obs-sign-2.6.1.orig/signd obs-sign-2.6.1/signd
+--- obs-sign-2.6.1.orig/signd 2022-07-29 12:59:54.000000000 +0200
++++ obs-sign-2.6.1/signd 2022-11-14 09:16:15.416146448 +0100
+@@ -880,7 +880,7 @@
+ }
+
+ sub have_files_are_digests {
+- my ($status) = rungpg('/dev/null', undef, $gpg, '--files-are-digests', '--version');
++ my ($status) = rungpg('/dev/null', undef, $gpg, '--file-is-digest', '--version');
+ return !$status;
+ }
+
+@@ -1233,7 +1233,7 @@
+ } else {
+ push @args, '-u', $user;
+ }
+- return rungpg($phrasesfile, undef, $gpg, "--batch", "--force-v3-sigs", "--files-are-digests", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", @args, "-sbo", "-", $hash);
++ return rungpg($phrasesfile, undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", @args, "-sbo", "-", $hash);
+ }
+ }
+
+diff -Naur obs-sign-2.6.1.orig/signd.8 obs-sign-2.6.1/signd.8
+--- obs-sign-2.6.1.orig/signd.8 2022-07-29 12:59:54.000000000 +0200
++++ obs-sign-2.6.1/signd.8 2022-11-14 09:16:33.118233765 +0100
+@@ -14,7 +14,7 @@
+
+ signd uses the same configuration used for sign, /etc/sign.conf.
+ It needs a gpg implementation that understands the
+-"--files-are-digests" option to work correctly.
++"--file-is-digest" option to work correctly.
+
+ .SH SECURITY
+ Unless the allow-unprivileged-ports option is set to true in
diff --git a/0002-fixes-user-id-matching-to-provide-unique-results.patch b/0002-fixes-user-id-matching-to-provide-unique-results.patch
new file mode 100644
index 0000000..2fc4a30
--- /dev/null
+++ b/0002-fixes-user-id-matching-to-provide-unique-results.patch
@@ -0,0 +1,99 @@
+From 242015e49c2050d8d3ab276140d3551dbfb7a025 Mon Sep 17 00:00:00 2001
+From: clime <clime@redhat.com>
+Date: Mon, 2 May 2016 21:05:43 +0200
+Subject: [PATCH 2/2] fixes user-id matching to provide unique results
+
+Supposing you have got these two keys (generated in this order) in the gpg homedir:
+pub rsa2048/DB5F2C7E 2016-05-02 [SCEA]
+uid [ultimate] abc (abc) <foobar@foobar.com>
+
+pub rsa2048/9F129E90 2016-05-02 [SCEA]
+uid [ultimate] abc (abc) <bar@foobar.com>
+
+and content of the phrases directory is the following:
+bar@foobar.com foobar@foobar.com
+
+Then if you call /bin/sign -u bar@foobar.com -p, both keys are returned (| gpg2 --list-packets | grep 'user ID'):
+:user ID packet: "abc (abc) <foobar@foobar.com>"
+:user ID packet: "abc (abc) <bar@foobar.com>"
+
+If you try to sign a rpm like this: /bin/sign -u bar@foobar.com -r unsigned35.rpm, you will get it signed by foobar's key:
+$ rpm -Kv unsigned35.rpm
+unsigned35.rpm:
+ Header V3 RSA/SHA1 Signature, key ID db5f2c7e: NOKEY
+ Header SHA1 digest: OK (6289e7d8d0a73be107945df48cefb762a5036eb1)
+ V3 RSA/SHA1 Signature, key ID db5f2c7e: NOKEY
+ MD5 digest: OK (3c8cafddad94a1e75adf52c59203cd3a)
+
+If you generate a new key-pair with: /bin/sign -u bar@foobar.com -P test.priv -g rsa@2048 800 test test@test.cz > test.pub,
+then test.pub is again signed by foobar's key:
+
+(Here I generated new keys in a different gpg homedir to test this with gpg-1.4.20)
+pub 2048R/12390294 2016-05-02
+uid abc (abc) <foobar@foobar.com>
+
+pub 2048R/2CD4F3AA 2016-05-02
+uid abc (abc) <bar@foobar.com>
+
+$ cat test.pub | gpg --list-packets | grep 'signature packet'
+:signature packet: algo 1, keyid 8CCC8E826051E7F0
+:signature packet: algo 1, keyid 2F34AD5812390294
+(the second signature has foobar's short key id: 12390294)
+
+The problem is that without angle brackets (<>) around email, gpg performs substring match on user ids. With angle brackets, it performs exact matching,
+which produces the (I suppose) expected behaviour of signd.
+
+An alternative to this patch is to keep all phrases' file names in form <email> (so that you can then call sign client with -u '<email>')
+but I don't think this was intended.
+---
+ signd | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff -Naur obs-sign-2.6.1.orig/signd obs-sign-2.6.1/signd
+--- obs-sign-2.6.1.orig/signd 2022-11-14 10:36:26.807971895 +0100
++++ obs-sign-2.6.1/signd 2022-11-14 10:40:50.214630869 +0100
+@@ -788,7 +788,7 @@
+ my ($user, $purpose) = @_;
+ $purpose ||= 's';
+ $purpose = qr/$purpose/;
+- my $lines = rungpg_fatal('/dev/null', undef, $gpg, '--locate-key', '--with-fingerprint', '--with-fingerprint', '--with-keygrip', '--with-colons', '--', $user);
++ my $lines = rungpg_fatal('/dev/null', undef, $gpg, '--locate-key', '--with-fingerprint', '--with-fingerprint', '--with-keygrip', '--with-colons', '--', "<$user>");
+ my $fpr;
+ my $grp;
+ my $keyid;
+@@ -972,7 +972,7 @@
+ rungpg_fatal("$phrases/$user", $tdir, $gpg, '--batch', '--no-secmem-warning',
+ @pinentrymode,
+ "--passphrase-fd=0", "--yes",
+- "-u", $user,
++ "-u", "<$user>",
+ '--default-cert-level', '3',
+ "--keyring", $pubring,
+ '--edit-key', $keyid,
+@@ -992,7 +992,7 @@
+ close(F) || die("privkey close error\n");
+
+ $ENV{GNUPGHOME} = $org_gnupghome;
+- my $privkey = rungpg_fatal('/dev/null', $tdir, $gpg, '--batch', '--encrypt', '--no-verbose', '--no-secmem-warning', '--trust-model', 'always', '-o-', '-r', "$user", "$tdir/privkey");
++ my $privkey = rungpg_fatal('/dev/null', $tdir, $gpg, '--batch', '--encrypt', '--no-verbose', '--no-secmem-warning', '--trust-model', 'always', '-o-', '-r', "<$user>", "$tdir/privkey");
+ remove_tree($tdir);
+
+ # send back
+@@ -1053,7 +1053,7 @@
+ sub cmd_pubkey {
+ my ($cmd, $user, $hashalgo, @args) = @_;
+ die("pubkey: one argument expected\n") if @args;
+- my $pubkey = rungpg_fatal('/dev/null', undef, $gpg, '--export', '-a', $user);
++ my $pubkey = rungpg_fatal('/dev/null', undef, $gpg, '--export', '-a', "<$user>");
+ return (0, '', $pubkey);
+ }
+
+@@ -1231,7 +1231,7 @@
+ if ($isprivsign) {
+ push @args, '--allow-non-selfsigned-uid';
+ } else {
+- push @args, '-u', $user;
++ push @args, '-u', "<$user>";
+ }
+ return rungpg($phrasesfile, undef, $gpg, "--batch", "--force-v3-sigs", "--file-is-digest", "--digest-algo=$hashalgo", "--no-verbose", "--no-armor", "--no-secmem-warning", "--ignore-time-conflict", @pinentrymode, "--passphrase-fd=0", @args, "-sbo", "-", $hash);
+ }
diff --git a/0003-Implement-allow-unprivileged-ports-for-the-client.patch b/0003-Implement-allow-unprivileged-ports-for-the-client.patch
new file mode 100644
index 0000000..2516959
--- /dev/null
+++ b/0003-Implement-allow-unprivileged-ports-for-the-client.patch
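Review bot: Wrapping `$user` in `<...>` at all five gpg call sites (signd hunks at 788, 972, 992, 1053 and 1231) assumes the value is always a bare e-mail address, and nothing visible in these hunks checks that. If signd ever receives a key ID, a fingerprint or an already bracketed address, gpg is handed `<KEYID>` or `<<email>>`, which it treats as an exact e-mail match and will not find, while the passphrase path `"$phrases/$user"` in the 972 hunk keeps the unbracketed form. Normalising once where `$user` is accepted would keep the call sites consistent, for example `my $gpguser = $user =~ /\A<.*>\z/s ? $user : "<$user>";`, together with a comment stating that the brackets select gpg's exact e-mail match so that a substring match cannot pick another key. The enclosing subs start and end outside the hunks, so any validation done earlier in signd is not visible here.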
@@ -0,0 +1,134 @@
+From e4a1668e31569c0fdcc334c98fbc68ff0cd71e9c Mon Sep 17 00:00:00 2001
+From: Pavel Raiskup <praiskup@redhat.com>
+Date: Thu, 12 May 2022 09:02:43 +0200
+Subject: [PATCH] Implement 'allow-unprivileged-ports' for the client
+
+The restricted rootless container environment (e.g. OpenShift) doesn't
+allow us to call seteuid(), call setuid binaries, or bind to privileged
+ports. Therefore we need to have some opt-out for the use of privileged
+ports.
+
+With the very same option, the signd-side can already accept
+such connections (before the option was useful when the source port was
+changed to a non-privileged one, e.g. by some proxy).
+
+Proposed upstream: https://github.com/openSUSE/obs-sign/pull/36
+
+Needed for: https://pagure.io/copr/copr/pull-request/2193
+---
+ sign.c | 6 ++++++
+ sock.c | 67 ++++++++++++++++++++++++++++++++++++----------------------
+ 2 files changed, 48 insertions(+), 25 deletions(-)
+
+diff --git a/sign.c b/sign.c
+index f86718b..72e69ca 100644
+--- a/sign.c
++++ b/sign.c
+@@ -38,6 +38,7 @@
+ char *host;
+ int port = MYPORT;
+ char *test_sign;
++int allow_unprivileged_ports = 0;
+ static char *user;
+ static char *algouser;
+ static int allowuser;
+@@ -1309,6 +1310,11 @@ read_sign_conf(const char *conf)
+ exit(1);
+ }
+ }
++ if (!strcmp(buf, "allow-unprivileged-ports"))
++ {
++ if (!strcmp(bp, "true"))
++ allow_unprivileged_ports = 1;
++ }
+ if (uid && !allowuser && !strcmp(buf, "allowuser"))
+ {
+ if (pwd && !strcmp(pwd->pw_name, bp))
+diff --git a/sock.c b/sock.c
+index 3008375..8b35683 100644
+--- a/sock.c
++++ b/sock.c
+@@ -37,6 +37,45 @@ extern char *test_sign;
+ extern char *host;
+ extern int port;
+ extern uid_t uid;
++extern int allow_unprivileged_ports;
++
++/* Best effort bindresvport(). We still try, but we don't enforce binding to
++ * a privileged source port (works only if 'allow-unprivileged-ports' is 'true'
++ * both on the client and server side. */
++static void
++do_bindresvport(void)
++{
++ if (uid)
++ {
++ if (seteuid(0))
++ {
++ if (allow_unprivileged_ports)
++ /* go with an unprivileged src port */
++ return;
++ perror("seteuid (for bindresvport)");
++ exit(1);
++ }
++ }
++
++ while (bindresvport(sock, NULL) != 0)
++ {
++ if (errno != EADDRINUSE)
++ {
++ perror("bindresvport");
++ exit(1);
++ }
++ sleep(1);
++ }
++
++ if (uid)
++ {
++ if (seteuid(uid))
++ {
++ perror("seteuid");
++ exit(1);
++ }
++ }
++}
+
+ void
+ opensocket(void)
+@@ -70,31 +109,9 @@ opensocket(void)
+ perror("socket");
+ exit(1);
+ }
+- if (uid)
+- {
+- if (seteuid(0))
+- {
+- perror("seteuid");
+- exit(1);
+- }
+- }
+- while (bindresvport(sock, NULL) != 0)
+- {
+- if (errno != EADDRINUSE)
+- {
+- perror("bindresvport");
+- exit(1);
+- }
+- sleep(1);
+- }
+- if (uid)
+- {
+- if (seteuid(uid))
+- {
+- perror("seteuid");
+- exit(1);
+- }
+- }
++
++ do_bindresvport();
++
+ if (connect(sock, (struct sockaddr *)&svt, sizeof(svt)))
+ {
+ perror(host);
+--
+2.36.1
+
diff --git a/obs-signd.spec b/obs-signd.spec
new file mode 100644
index 0000000..bf25caa
--- /dev/null
+++ b/obs-signd.spec
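Review bot: In `do_bindresvport()` the opt-out is honoured only when `seteuid(0)` fails; if the process can switch euid, or already runs with uid 0, but is not permitted to bind a reserved port, `bindresvport()` fails with an errno other than `EADDRINUSE` and the client still exits even with `allow-unprivileged-ports` set to true. If that case is meant to be covered, check the flag inside the loop as well, e.g. `if (allow_unprivileged_ports && (errno == EACCES || errno == EPERM)) break;` ahead of the `perror("bindresvport")` branch, so the later `seteuid(uid)` restore still runs. The fallback is also silent, and because the privileged source port is the control being relaxed, a comment on `allow_unprivileged_ports` in sign.c should say that access then depends on whatever other client restrictions the server enforces. In `read_sign_conf` any value other than the exact string `true` leaves the flag at 0 without a diagnostic.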
@@ -0,0 +1,209 @@
+# http://fedoraproject.org/wiki/Packaging:Guidelines?rd=Packaging/Guidelines#PIE
+%global _hardened_build 1
+%global commit 5c320501dc048bbcf56480dfc5780fb43dd20de5
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
+%global snapdate 20210907
+%global snapshotrel .%{snapdate}git%{shortcommit}
+# To make rpmdev-bumpspec work properly
+%global baserelease 5
+
+Name: obs-signd
+Summary: The OBS sign daemon
+License: GPL-2.0-only
+URL: https://github.com/openSUSE/obs-sign
+Version: 2.6.1
+Release: 1
+#Release: %%{baserelease}%%{?snapshotrel}%%{?dist}
+Source0: https://github.com/openSUSE/obs-sign/archive/refs/tags/%{version}.tar.gz
+# We renamed the option in gnupg2 to 'file-is-digest'
+Patch0: 0001-Rename-option-files-are-digests-to-file-is-digest.patch
+# https://github.com/openSUSE/obs-sign/pull/6
+Patch1: 0002-fixes-user-id-matching-to-provide-unique-results.patch
+# https://github.com/openSUSE/obs-sign/pull/36
+Patch2: 0003-Implement-allow-unprivileged-ports-for-the-client.patch
+Requires: gnupg2
+Requires(pre): shadow-utils
+BuildRequires: perl-generators
+BuildRequires: systemd
+BuildRequires: gcc
+BuildRequires: make
+
+%description
+The OpenSUSE Build Service sign client and daemon.
+
+This daemon can be used to sign anything via gpg by communicating
+with a remote server to avoid the need to host the private key
+on the same server.
+
+%prep
+%autosetup -n obs-sign-%{version}
+
+%build
+%make_build CFLAGS="%{build_cflags}" LDFLAGS="%{build_ldflags}" sign
+
+%install
+mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_sysconfdir}
+install -d -m 0755 %{buildroot}%{_bindir}
+
+# binaries and configuration
+mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_sysconfdir}
+install -m 0755 signd %{buildroot}%{_sbindir}
+install -m 0750 sign %{buildroot}%{_bindir}
+install -m 0644 sign.conf %{buildroot}%{_sysconfdir}
+
+# systemd service
+mkdir -p %{buildroot}%{_unitdir}
+install -m 0644 dist/signd.service %{buildroot}%{_unitdir}
+
+# man pages
+install -d -m 0755 %{buildroot}%{_mandir}/man{5,8}
+
+for f in 5 8; do
+ install -m 0644 sig*.${f} %{buildroot}%{_mandir}/man${f}/
+done
+
+%pre
+getent group obsrun >/dev/null || %{_sbindir}/groupadd -r obsrun
+getent passwd obsrun >/dev/null || \
+ %{_sbindir}/useradd -r -s /bin/false -c "User for Open Build Service backend" \
+ -d %{_libdir}/obs -g obsrun obsrun
+exit 0
+
+%post
+%systemd_post signd.service
+
+%preun
+%systemd_preun signd.service
+
+%postun
+%systemd_postun_with_restart signd.service
+
+%files
+%config(noreplace) %{_sysconfdir}/sign.conf
+%attr(4750,root,obsrun) %{_bindir}/sign
+%{_sbindir}/signd
+%{_unitdir}/signd.service
+%doc %{_mandir}/man*/*
+
+%changelog
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jan 04 2023 msuchy <msuchy@redhat.com> - 2.6.1-4
+- use patches from dist-git and not from lookaside cache
+
+* Wed Jan 04 2023 Jakub Kadlcik <frostyx@email.cz> - 2.6.1-3
+- Fix typo in patch, it should be "--file-is-digest" not "--file-is-digests"
+
+* Wed Nov 30 2022 Miroslav Suchý <msuchy@redhat.com> 2.6.1-2
+- use SPDX format for license
+
+* Mon Nov 14 2022 Miroslav Suchý <msuchy@redhat.com> 2.6.1-1
+- rebase patches
+- rebase obs-sign to 2.6.1
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.10-4.20210907git5c32050
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue May 24 2022 Pavel Raiskup <praiskup@redhat.com> - 2.5.10-3.20210907git5c32050
+- implemented 'unprivileged-client-port' option for the OpenShift environments
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.10-2.20210907git5c32050
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Sep 07 2021 Silvie Chlupova <schlupov@redhat.com> - 2.5.10-1
+- rebase to 2.5.10
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.4-7.20190913git5675e23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.5.4-6.20190913git5675e23
+- Rebuilt for updated systemd-rpm-macros
+ See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.4-5.20190913git5675e23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 1 15:23:34 CET 2020 msuchy <msuchy@redhat.com> - 2.5.4-4.20190913git5675e23
+- Add make to BR - https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.4-3.20190913git5675e23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.4-2.20190913git5675e23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jan 02 2020 Neal Gompa <ngompa13@gmail.com> - 2.5.4-1.20190913git5675e23
+- Rebase to 2.5.4 post-release snapshot
+- Drop systemd scriptlet requires per updated packaging policy
+- Drop useless verification exception
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-2.20190613gitc3d5984
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Jun 24 2019 Jakub Kadlčík <jkadlcik@redhat.com> - 2.5.3-1.20180614gitc3d5984
+- update to new upstream version 2.5.3
+- use Makefile that is provided by upstream nowadays
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.2-6.20180614git65f9cab
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.2-5.20180614git65f9cab
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jun 25 2018 Miroslav Suchý <msuchy@redhat.com> 2.4.2-4.20180614git65f9cab
+- re-add BR gcc
+
+* Thu Jun 21 2018 Miroslav Suchý <msuchy@redhat.com> 2.4.2-3.20180614git65f9cab
+- update to snapshot of 20180614
+
+* Thu Jun 21 2018 Miroslav Suchý <msuchy@redhat.com>
+- rebase patches
+- update to snapshot of 20180614
+
+* Tue May 22 2018 Miroslav Suchý <msuchy@redhat.com> 2.4.2-1
+- rebase to 2.4.2
+
+* Mon Feb 19 2018 Miroslav Suchý <msuchy@redhat.com> 2.2.1-14
+- fix broken build
+
+* Mon Feb 19 2018 Miroslav Suchý <msuchy@redhat.com> 2.2.1-13
+- BR gcc
+- require shadow-utils because of adding user
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Apr 26 2016 Miroslav Suchy <msuchy@redhat.com> - 2.2.1-8
+- fix id matching (Patch1)
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Oct 03 2014 Josef Stribny <jstribny@redhat.com> - 2.2.1-5
+- Add install section to unit file
+
+* Tue Aug 26 2014 Josef Stribny <jstribny@redhat.com> - 2.2.1-4
+- Enable Position-independent code (PIC)
+
+* Mon Aug 25 2014 Josef Stribny <jstribny@redhat.com> - 2.2.1-3
+- Create group or user only if it doesn't exist yet
+- Remove explicit gzip of man pages
+
+* Fri Aug 22 2014 Josef Stribny <jstribny@redhat.com> - 2.2.1-2
+- Use macros where possible
+
+* Fri May 23 2014 Josef Stribny <jstribny@redhat.com> 2.2.1-1
+- Initial package
@@ -0,0 +1 @@
+80cd4d71dd6c5679faddfad9d51b9b24 2.6.1.tar.gz |
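Review bot: The upstream tarball named by `Source0` is pinned only by the `sources` entry, whose 32-hex-digit value has the length of an MD5 digest; MD5 is not collision-resistant, so it is a weak integrity anchor for a package that installs a setuid-root signing client (`%attr(4750,root,obsrun) %{_bindir}/sign`). If the dist-git tooling used for this import accepts a stronger digest in `sources`, prefer SHA-256 or SHA-512 there. Separately, `Release: 1` is lower than the newest `%changelog` entry (`2.6.1-4`), and the `commit`, `snapdate` and `snapshotrel` globals are referenced only from the commented-out `#Release:` line, so a short comment such as `# snapshot globals kept for git-snapshot builds; unused for tagged releases` would avoid confusion.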