[Yum-devel] GPG key importing
menno-yum at freshfoo.com
Mon Dec 13 13:39:35 UTC 2004
I'm working on getting yum to import GPG keys into RPM itself. There
will be a per-repo "gpgkey" option that points to a disk file or URL
where the repository's public key is.

After some experimentation I think the best approach is that if
gpgcheck=1 and the public key for an RPM to be installed is missing and
the gpgkey option is set, then the key is downloaded and installed.

The one problem with this is that it may lead to keys being imported
multiple times (e.g. if the gpgkey option is pointing to the wrong key).
RPM does nothing to prevent this.

The obvious way to avoid duplicate imports is to check the key ID of the
downloaded key before attempting an import. It's easy to check if a
given key ID is already installed. The hard part is parsing out the key
ID of the downloaded key. I could either implement some of RFC 2440 to
extract the key ID (could be tricky) or use GPG to do it (adds a
dependency for yum on the GPG binary).

Does anyone know of another way to handle this?

Also, does anyone know what the release field of an imported GPG key is?
The version field is the key ID but I can't find a number that
corresponds to the release field.
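The key-ID extraction discussed in the message above, as an added example (not code from the post or from yum): it reads the first packet of a downloaded public key per RFC 2440 sections 4.2 and 11.2 and returns the 64-bit key ID, so it can be compared with the installed keys before importing. It goes slightly beyond the message by covering both v3 and v4 keys and both packet header formats; the names `dearmor`, `first_packet`, `key_id` and the `SAMPLE_V3` bytes are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample: old-format v3 RSA key packet, modulus 0xc123456789abcdef.
SAMPLE_V3 = bytes.fromhex("990015 03 41bd9a17 0000 01 0040 c123456789abcdef 0002 03")


def dearmor(data: bytes) -> bytes:
    """Return binary OpenPGP data, decoding ASCII armor if present."""
    lines = [l.strip() for l in data.strip().splitlines()]
    if not lines or not lines[0].startswith(b"-----BEGIN PGP"):
        return data
    start = lines.index(b"") + 1  # armor headers end at the first blank line
    return base64.b64decode(b"".join(l for l in lines[start:-1] if l[:1] != b"="))


def first_packet(data: bytes):
    """Parse the first packet header (RFC 2440, 4.2); return (tag, body)."""
    if len(data) < 3 or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if data[0] & 0x40:  # new-format header
        tag, first = data[0] & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        else:  # 5-octet and partial lengths: not needed for key-sized packets
            raise ValueError("unsupported packet length encoding")
    else:  # old-format header: length field is 1, 2 or 4 octets
        tag, start = (data[0] >> 2) & 0x0F, 1 + (1 << (data[0] & 3))
        if start == 9:  # length type 3 means "until end of input"
            raise ValueError("indeterminate length not supported")
        length = int.from_bytes(data[1:start], "big")
    if len(data) < start + length:
        raise ValueError("truncated packet")
    return tag, data[start:start + length]


def key_id(data: bytes) -> str:
    """Return the 64-bit key ID (hex) of the first key in a public key file."""
    tag, body = first_packet(dearmor(data))
    if tag == 6 and body[:1] == b"\x04" and len(body) < 65536:  # v4 key
        prefix = b"\x99" + len(body).to_bytes(2, "big")  # fingerprint framing
        return hashlib.sha1(prefix + body).hexdigest()[-16:]  # low 64 bits
    if tag == 6 and body[:1] in (b"\x02", b"\x03"):  # v3: low 64 bits of RSA n
        nbytes = (int.from_bytes(body[8:10], "big") + 7) // 8
        n = body[10:10 + nbytes]
        if len(n) == nbytes >= 8:
            return n[-8:].hex()
    raise ValueError("not a supported public key packet")
```

The returned string is the full 16-hex-digit key ID, so a caller comparing against a shorter installed identifier has to compare the matching trailing digits.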