[Yum-devel] pygpgme and yum

seth vidal skvidal at linux.duke.edu
Tue Jul 3 16:04:47 UTC 2007


On Tue, 2007-07-03 at 07:39 -0400, James Bowes wrote:
> On Tue, Jul 03, 2007 at 12:54:12AM -0400, seth vidal wrote:
> > 1. gpg keyring outside of the rpmdb for verifying the repomd.xml
> >    - we could do either:
> >       1. make gpg keyring on the fly from the pubkey entries in the
> >          rpmdb and save it
> >       2. when we import the gpg keys to begin with we also import them
> >          into this gpg keyring
> 
> While 1 sounds so terribly icky, I can imagine a case where somebody
> might import a gpg key by hand, bypassing yum's chance to import the key
> into its own keyring. So perhaps 1 is the better option.

And it lets us handle people who are upgrading to a version of yum that
supports this.

I've written a simple little 'import all keys from the rpmdb into one
gpg keyring per key' script. It's very simple but should be very do-able
to import for yum's use. 

http://linux.duke.edu/~skvidal/useful-scripts/import-to-keyrings.py

James and I were talking on jabber about where things should go. He
suggested putting things in a single keyring for all of yum
in /var/cache/yum somewhere. This sounds reasonable to me. Any other
thoughts on it?

-sv




