[Yum-devel] GPG key importing

Menno Smits menno-yum at freshfoo.com
Mon Dec 13 13:39:35 UTC 2004

I'm working on getting yum to import GPG keys into RPM itself. There 
will be a per rep "gpgkey" option that points to a disk file or URL 
where the repository's public key is.

After some experimentation I think the best approach is that if 
gpgcheck=1 and the public key for an RPM to be installed is missing and 
the gpgkey option is set, then the key is downloaded and installed.

The one problem with this is that it may lead to keys being imported 
multiple times (eg. if the gpgkey option is pointing to the wrong key). 
RPM does nothing to prevent this.

The obvious way to avoid duplicate imports is to check the key ID of the 
downloaded key before attempting an import. It's easy to check if a 
given key ID is already installed. The hard part is parsing out key ID 
of the downloaded key. I could either implement some of RFC2440 to 
extract the key ID (could be tricky) or use GPG to do it (adds a 
dependency for yum on the GPG binary).

Does anyone know of another way to handle this?

Also, does anyone know what the release field of an imported GPG key is? 
The version field is the key ID but can't find a number that corresponds 
to the release field.


Scanned by the NetBox from NetBox Blue

More information about the Yum-devel mailing list