How To know if a rpm signature key is arleady import?
Paul Howarth
paul at city-fan.org
Wed Feb 23 11:43:08 UTC 2005
Dario Lesca wrote:
> Il mar, 2005-02-22 alle 15:43, Paul Howarth ha scritto:
>
>>$ gpg --import --dry-run jcameron-key.asc
>>gpg: key 11F63C51: public key "[User id not found]" imported
>>gpg: Total number processed: 1
>>gpg: imported: 1
>>
>>$ rpm -q gpg-pubkey | grep -i 11F63C51
>>gpg-pubkey-11f63c51-3c7dc11d
>
>
> Ok, this work.
Something that more repo maintainers might like to consider is to
maintain a "myrepo-release" RPM package that contains one or more
entries for /etc/yum.repos.d for their repo and, as part of the
post-install script for the package, automatically installs the GPG key
for that repo. This would simplify the task of setting up that repo so
that no manual editing of yum.conf files was needed, nor manual
importing of GPG keys. Just download and install a single RPM package.
So far, the only repos I know of that do this are freshrpms.net and my
personal repo that I use to maintain my own systems.
The package looks like this:
$ rpm -ql city-fan.org-release
/etc/yum.repos.d/city-fan.org.repo
/usr/share/doc/city-fan.org-release-1
/usr/share/doc/city-fan.org-release-1/GPL
/usr/share/doc/city-fan.org-release-1/RPM-GPG-KEY-city-fan.org
$ rpm -q --scripts city-fan.org-release
postinstall scriptlet (using /bin/sh):
# Import city-fan.org gpg key if needed
rpm -q gpg-pubkey-b56a8bac-3bbc4d06 >/dev/null 2>&1 || \
rpm --import
/usr/share/doc/city-fan.org-release-1/RPM-GPG-KEY-city-fan.org
exit 0
gpg-pubkey-b56a8bac-3bbc4d06 is the key I use to sign my own packages.
Easy!
Paul.
More information about the fedora-list
mailing list