pmatilai
commented
1 month ago Further musings on the topic: rpmts supports populating the keyring from either the rpmdb or keys-in-directory, but the keyring itself is a transient in-memory thing, only good for verifying. That was the minimal goal back then, a long long ago. Going forward the storage part needs to be more sanely hooked in there.
Support for keys-in-directory is very barebones really, eg there's no support for listing or removing them. Stuff that the rpmdb gpg-pubkey replacement obviously needs - gpg-pubkeys only work because the API is skewed, you import with a special API but erase and iterate using the rpmdb/header stuff.
We may want to enhance the fs-based keyring to manage those, but I'm not sure keys-in-directory cuts it in the wild. Packages could drop arbitrary files in the directory and whatnot - that's not necessarily a problem, the fact that imported implies trusted is, if importing means just dropping a file in a directory.
We could always whip up something with sqlite or so, but Sequoia of course has its own keyring. Maybe we could offload this there - at least as one option? @nwalfield, thoughts on that?
nwalfield
When rpm started doing its own PGP verification in >= 4.0, it introduced gpg-pubkey pseudo-packages in the rpmdb as the rpm keyring. These pseudo-packages have been problematic throughout their existence and don't really belong to the rpmdb, at least painted as something resembling packages that they are not, and causing all manner of weird issues that shouldn't exist in the first place.
Now that rpmkeys supports --delete and --list in addition to --import, we actually have a user-level abstraction that allows us to get rid of those gpg-pubkey thingies, and while this isn't related to the package format, 6.0 seems like an appropriate place to do this.
Details to be sorted out, but for one we already can populate the keyring from the filesystem as an alternative to the gpg-pubkeys in rpmdb.