auto importing rpm gpg public keys from keyserver

Jeff Johnson n3npq at mac.com
Thu Jun 15 11:58:50 PDT 2006


On Jun 15, 2006, at 2:45 PM, Jeff Johnson wrote:

>>
>> To avoid executing rpm with popen, we need to only temporarily disable
>> the signature checking, that's easy, problem is that I couldn't find how
>> to re-enable it. However creating a new temporary rpm.ts() worked around
>> it. With a new temporary rpm.ts() I can disable signature checking so I
>> can read the header and now using your sprintf() I can get to the key.
>>
>>> Note carefully the chicken <-> egg problem of reading the header in
>>> order to identify the pubkey you wish to import.
>>
>> Creating a new ts seems to work, however if I could just re-enable
>> signature checking after reading the header, I could avoid creating a
>> new ts.
>>
>
> Yes, create a new transaction, set VSFlags as appropriate.
>
> The real issue is that signature checking policy needs to be set outside of
> applications. Say smart chooses to verify signatures, yum does not, and
> both are used to install software on the same box.
>
> The policy of whether to verify signatures or not needs to be per-system, not
> per-application, at least in some ideal world.
>

More specifically, you should be able to toggle signature verification
using ts.setVSFlags() from ts.hdrFromFdno() dynamically. There is no
persistent state that I recall.

OTOH, ts.setVSFlags() also governs whether rpmdb headers are checked when
read, so keep track of what you are doing before calling, say, ts.check().

73 de Jeff
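
The toggle described in the message above, sketched as an added example (not code from this thread, from Smart, or from rpm): the verification flags are relaxed for one ts.hdrFromFdno() read and always restored, so a later ts.check() runs under the original policy. The helper names, StubTS and the numeric flag values are constructed for illustration; with rpm-python you would pass rpm.TransactionSet() and a mask such as rpm._RPMVSF_NOSIGNATURES.

```python
import os
from contextlib import contextmanager


@contextmanager
def relaxed_vsflags(ts, extra):
    """Add `extra` verification-disable bits to ts; restore the old flags on exit."""
    old = ts.setVSFlags(extra)       # setVSFlags() returns the previous flags
    ts.setVSFlags(old | extra)       # keep bits that were already set
    try:
        yield ts
    finally:
        ts.setVSFlags(old)           # restored even if the read raises


def read_header_unverified(ts, path, extra):
    """Read one package header with checks relaxed for that read only."""
    fd = os.open(path, os.O_RDONLY)
    try:
        with relaxed_vsflags(ts, extra):
            return ts.hdrFromFdno(fd)
    finally:
        os.close(fd)


class StubTS:
    """Constructed stand-in for rpm.TransactionSet() so this runs without rpm."""

    def __init__(self, flags=0):
        self.flags = flags
        self.flags_at_read = None

    def setVSFlags(self, flags):
        old, self.flags = self.flags, flags
        return old

    def hdrFromFdno(self, fd):
        self.flags_at_read = self.flags   # record what was active during the read
        return {"fd": fd}


if __name__ == "__main__":
    # With rpm installed: ts = rpm.TransactionSet(); extra = rpm._RPMVSF_NOSIGNATURES
    ts = StubTS(flags=0x10)               # constructed flag values
    read_header_unverified(ts, os.devnull, 0x03)
    print(hex(ts.flags_at_read), hex(ts.flags))
```

The header obtained this way has not been verified, so it should be used only to identify which public key to import, and the package re-read with verification enabled afterwards.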



