[Rpm-maint] [rpm-software-management/rpm] Check signatures in the code (#240)
notifications at github.com
Thu Jun 22 12:09:15 UTC 2017
Signatures are stored in a tag in a package header. So one retrieves a tag from a header, and then parses out the keyid from the OpenPGP format.
The harder issue is that there are up to 4 (or perhaps more) possible tags where signatures might be stored, and that even a signature with a keyid may not (or cannot, in the case of header+payload signatures) be verified.
You can find the 4 tags that may have to be examined by looking at the --queryformat string used by rpm --info (which displays the keyid) stored in /usr/lib/rpm. Doing a --queryformat is likely the most efficient extraction of a keyid when writing scripts, through bindings, or even writing C code.
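The keyid parsing step described in the message above, as an added example (not part of the original message and not rpm's own code). It assumes the tag value is a single OpenPGP signature packet as laid out in RFC 4880; the function names and the sample bytes are constructed for illustration.

```python
SIG_TAG, ISSUER_SUBPKT = 2, 16  # signature packet tag; issuer key ID subpacket type
# Constructed sample: v4 RSA/SHA256 signature packet carrying a made-up key ID.
SAMPLE_V4 = bytes.fromhex("881d0400010800060502594bb35b000a09100123456789abcdefabcd000101")

def packet_body(blob):  # returns (tag, body) of the first OpenPGP packet in blob
    if len(blob) < 3 or not blob[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if blob[0] & 0x40:                       # new-format header
        tag, length, off = blob[0] & 0x3F, blob[1], 2
        if 192 <= length < 224:              # two-octet length
            length, off = ((length - 192) << 8) + blob[2] + 192, 3
        elif length >= 224:                  # partial or 4-octet: not handled here
            raise ValueError("unsupported length encoding")
    else:                                    # old-format header
        tag, n = (blob[0] >> 2) & 0x0F, 1 << (blob[0] & 3)
        if n == 8:                           # length type 3: indeterminate
            raise ValueError("indeterminate length not supported")
        length, off = int.from_bytes(blob[1:1 + n], "big"), 1 + n
    if len(blob) < off + length:
        raise ValueError("truncated packet")
    return tag, blob[off:off + length]

def subpackets(area):  # yields (type, data) for each subpacket in a v4 area
    i = 0
    while i < len(area):
        length, i = area[i], i + 1
        if length == 255:                    # five-octet length form
            length, i = int.from_bytes(area[i:i + 4], "big"), i + 4
        elif length >= 192:                  # two-octet length form
            length, i = ((length - 192) << 8) + int.from_bytes(area[i:i + 1], "big") + 192, i + 1
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def signature_keyid(blob):
    """Return the signer key ID (hex) from one signature packet, or None."""
    tag, body = packet_body(blob)
    if tag != SIG_TAG or not body or body[0] not in (3, 4):
        raise ValueError("not a v3/v4 signature packet")
    if body[0] == 3:                         # v3: key ID sits at a fixed offset
        return body[7:15].hex()
    pos = 4                                  # skip version, sig type, pk algo, hash algo
    for _ in range(2):                       # hashed area, then unhashed area
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        for typ, data in subpackets(body[pos + 2:end]):
            if typ == ISSUER_SUBPKT and len(data) == 8:
                return data.hex()
        pos = end
    return None
```

A key ID recovered this way only names the claimed signer; as the message notes, it says nothing about whether the signature was or can be verified.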