rpm --import: avoiding duplicate GPG public keys

yum uses GPG signatures to verify the integrity of rpm packages installed from yum repos. Before a signature can be checked, the matching GPG public key must first be imported into the rpmdb. However, this is a rather "dumb" operation: no checks are made to prevent the same key being imported multiple times. Duplicate (or triplicate, or quadruplicate, etc.) keys do not cause any problems, but are unnecessary clutter in the rpmdb.

Here's how to check if a public key has already been imported into the rpmdb.

When imported into the rpmdb, the GPG public keys are identified by a package named gpg-pubkey-$hexstr1-$hexstr2, where:

  • $hexstr1 is the key ID
  • $hexstr2 is an 8-character hex representation of a timestamp

$hexstr2 is not necessary for the purposes of this exercise (which is fortunate, since I've not worked out how to generate it from a given public key!)

First, we need to get the hex id of the public key. We do this by using gpg --throw-keyids, which produces output like this:

# gpg --throw-keyids < /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5      
pub  1024D/E8562897 2007-01-06 CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@centos.org>
sub  1024g/1E9EA3B6 2007-01-06 [expires: 2017-01-03]

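The following code parses this output and stores the public key ID in the variable $keyid ($keyfile holds the path to the public key file):

# Inner $(...) is deliberately unquoted: word splitting collapses the spaces so the key ID sits at characters 11-18
keyid=$(echo $(gpg --throw-keyids < "$keyfile") | cut --characters=11-18 | tr 'A-Z' 'a-z')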

Having obtained the key ID, it is relatively trivial to check if that key exists in the rpmdb before importing it:

keyfile=/path/to/PUBLICKEY
if ! rpm -q "gpg-pubkey-$keyid" > /dev/null 2>&1 ; then
    echo "Installing GPG public key with ID $keyid from $keyfile..."
    rpm --import "$keyfile"
fi
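
The fixed character offsets above only work for the exact listing format shown; if gpg prints the pub line differently, cut returns the wrong text, the rpm -q lookup fails and the key is imported again. The following is an added example, not code from the original post: it splits the pub line on "/" instead and refuses to query or import unless it finds an 8-digit hex ID. The function names and SAMPLE_LISTING are made up for illustration.

```shell
#!/bin/sh
# Added example: import a GPG public key into the rpmdb only if it is absent.

# Read a gpg key listing on stdin; print the lowercase ID from the first
# "pub" line. Splits "1024D/E8562897" on "/" rather than counting columns.
keyid_from_listing() {
    awk '$1 == "pub" {
             n = split($2, part, "/")
             if (n == 2) { print tolower(part[2]); exit }
         }'
}

# Succeed only if $1 is exactly eight lowercase hex digits.
is_short_keyid() {
    case "$1" in
        *[!0123456789abcdef]*) return 1 ;;
    esac
    [ "${#1}" -eq 8 ]
}

# Import the key file $1 unless gpg-pubkey-<keyid> is already installed.
import_key_once() {
    keyfile=$1
    keyid=$(gpg --throw-keyids < "$keyfile" | keyid_from_listing)
    if ! is_short_keyid "$keyid"; then
        echo "Could not read a key ID from $keyfile, not importing" >&2
        return 1
    fi
    if rpm -q "gpg-pubkey-$keyid" > /dev/null 2>&1; then
        echo "Key $keyid is already in the rpmdb, skipping $keyfile"
    else
        echo "Installing GPG public key with ID $keyid from $keyfile..."
        rpm --import "$keyfile"
    fi
}

# Constructed sample input: the gpg listing quoted in the post.
SAMPLE_LISTING='pub  1024D/E8562897 2007-01-06 CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@centos.org>
sub  1024g/1E9EA3B6 2007-01-06 [expires: 2017-01-03]'

# Usage: sh import-keys.sh /etc/pki/rpm-gpg/RPM-GPG-KEY-*
for f in "$@"; do
    import_key_once "$f" || exit 1
done
```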
