[Rpm-maint] [rpm-software-management/rpm] Both rpmdb and fs keystores store keys by the short keyid (Issue #3360)

Panu Matilainen notifications at github.com
Wed Oct 16 11:11:15 UTC 2024


I guess the main points here are:
- fs keyring saves the keys as `<fingerprint>.key`
- gpg-pubkey headers have fingerprint as their Version

gpg-pubkeys also have provides on the short and long keyid, so following that logic they should also have a provide on the fingerprint. Eg
> gpg(Fedora (40) <fedora-40-primary at fedoraproject.org>) = 4:0727707ea15b79cc-63d04c2c
> gpg(a15b79cc) = 4:0727707ea15b79cc-63d04c2c
> gpg(0727707ea15b79cc) = 4:0727707ea15b79cc-63d04c2c

...and now we'd add
> gpg(115df9aef857853ee8445d0a0727707ea15b79cc) = 4:0727707ea15b79cc-63d04c2c

...which doesn't make any more sense than the other ones, but.. dunno. 

Both keystores should handle keys loading keys saved by short keyid without issues, but I guess we should also consider migrating, ie when --import updates and existing key, it'll obviously get migrated to fingerprint storage, but we need to take care to delete the old short name then.

@ffesti thoughts?

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3360#issuecomment-2416494298
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/3360/2416494298 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20241016/be258f71/attachment.html>


More information about the Rpm-maint mailing list