[Rpm-maint] [rpm-software-management/rpm] rpm --import does not replace old keys with new keys (Issue #2577)
Neal H. Walfield
notifications at github.com
Sat Jul 22 02:10:04 UTC 2023
Looking at the code, it seems:
- [`rpmcliImportPubkeys`](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/lib/rpmchecksig.c#L83)
  - [calls](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/lib/rpmchecksig.c#L99) [`doImport`](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/lib/rpmchecksig.c#L27)
    - [calls](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/lib/rpmchecksig.c#L55) [`rpmtsImportPubkey`](https://github.com/rpm-software-management/rpm/blob/master/lib/rpmts.c#L603)
      - [calls](https://github.com/rpm-software-management/rpm/blob/master/lib/rpmts.c#L646) [`rpmKeyringAddKey`](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/rpmio/rpmkeyring.c#L82), which [checks if the certificate's key id is known, and if so, doesn't do anything](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/rpmio/rpmkeyring.c#L88-L90).

OpenPGP certificates are made up of packets. It is possible to add new packets without updating other packets (e.g., a new subkey, a new self signature that extends the certificate's expiration time). So it is not easy to generate a linear version number for an OpenPGP certificate.
I think we need to extend rpm's [pgp interface](https://github.com/rpm-software-management/rpm/blob/master/include/rpm/rpmpgp.h) to add a function to merge two versions of a certificate.
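
The behaviour described in the message above, as an added example that is not part of the original post and is not rpm's code: a toy keyring in which a certificate is a key ID plus a list of opaque packet labels, imported once with the skip-if-known check and once with a packet-level merge. The struct layout, function names and sample packets are assumptions made for illustration; a real merge would also have to parse the packets and verify their signatures.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PKTS 8
/* Toy model (assumption): a certificate is a key ID plus opaque packet labels. */
struct cert { char keyid[17]; const char *pkts[MAX_PKTS]; int npkts; };
struct keyring { struct cert certs[4]; int ncerts; };
/* Constructed sample: v2 is v1 plus a newer self-signature and a new subkey. */
static const struct cert v1 = { "1111222233334444",
    { "pubkey", "userid", "selfsig-expires-2023" }, 3 };
static const struct cert v2 = { "1111222233334444",
    { "pubkey", "userid", "selfsig-expires-2023", "selfsig-expires-2025", "subkey" }, 5 };
static struct cert *find(struct keyring *kr, const char *keyid) {
    for (int i = 0; i < kr->ncerts; i++)
        if (strcmp(kr->certs[i].keyid, keyid) == 0) return &kr->certs[i];
    return NULL;
}

/* Import as described in the post: a known key ID means nothing is done. */
int add_skip_known(struct keyring *kr, const struct cert *c) {
    if (find(kr, c->keyid)) return 1;          /* already known, update ignored */
    if (kr->ncerts == 4) return -1;            /* toy keyring is full */
    kr->certs[kr->ncerts++] = *c;
    return 0;
}

/* Hypothetical merge: keep stored packets, append those not yet present. */
int add_merge(struct keyring *kr, const struct cert *c) {
    struct cert *old = find(kr, c->keyid);
    if (!old) return add_skip_known(kr, c);
    for (int i = 0; i < c->npkts; i++) {
        int seen = 0;
        for (int j = 0; j < old->npkts; j++)
            if (strcmp(old->pkts[j], c->pkts[i]) == 0) seen = 1;
        if (!seen && old->npkts < MAX_PKTS) old->pkts[old->npkts++] = c->pkts[i];
    }
    return 0;
}
/* Import v1, then v2, and report how many packets the keyring ends up holding. */
int packets_after(int use_merge) {
    struct keyring kr;
    memset(&kr, 0, sizeof kr);
    add_skip_known(&kr, &v1);
    if (use_merge) add_merge(&kr, &v2); else add_skip_known(&kr, &v2);
    return find(&kr, v1.keyid)->npkts;
}

int main(void) {
    printf("skip-known: %d packets, merge: %d packets\n", packets_after(0), packets_after(1));
    return 0;
}
```

With the skip-if-known import the stored certificate keeps only the original three packets, so the extended expiration and the new subkey never reach the keyring; the merge keeps all five.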