auto importing rpm gpg public keys from keyserver
Jeff Johnson
n3npq at mac.com
Mon Jun 12 08:48:09 PDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jun 10, 2006, at 12:21 PM, Pascal Bleser wrote:
>
> * is it possible to know that beforehand ? from repository metadata,
> possibly ?
If you want to know the fingerprint of signing keys for*.rpm pkgs in
a repo-md channel, there are
two approaches:
1) change primary.xml to include signature information. I don't see a
means to include
signature info examining my current FC5 primary.xml, but I may just
be looking at only unsigned packages.
2) change <rpm:header-range> to read the signature header as well as
the metadata
header. In fact, smart should probably just read everything up to the
payload, and then
save that as a "header".
Yum saves only the metadata header without any signature information,
one of many design flaws with repo-md and urlgrabber header transport
imho.
hth
73 de Jeff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFEjYzDuHNkGyA5spERAtkaAKDtweUq4btrmcz9uUjvvql4VokKogCffWZQ
ZQzxJnCPkuZ/ScIzj2EjK0E=
=PYhP
-----END PGP SIGNATURE-----
More information about the Smart
mailing list