Skip to content

Commit

Permalink
Add --list-keys and --delete-key to rpmkeys
Browse files Browse the repository at this point in the history
This is a  bit of a hack as it manipulates the parsed cli parameters to
to the "right thing" and then calls rpmcliQuery and rpmErase.
  • Loading branch information
ffesti committed Feb 21, 2024
1 parent 1fcfcb5 commit 20e8342
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 5 deletions.
16 changes: 14 additions & 2 deletions docs/man/rpmkeys.8.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,10 @@ The general forms of rpm digital signature commands are

**rpmkeys** {**-K\|\--checksig**} *PACKAGE\_FILE \...*

**rpmkeys** **\--list-keys**

**rpmkeys** **\--delete-key** *KEYHASH \...*

The **\--checksig** option checks all the digests and signatures
contained in *PACKAGE\_FILE* to ensure the integrity and origin of the
package. Note that signatures are now verified whenever a package is
Expand All @@ -37,13 +41,21 @@ example, all currently imported public keys can be displayed by:

**rpm -q gpg-pubkey**

Details about a specific public key, when imported, can be displayed by
A more convenient way to display them is

**rpmkeys** **\--list-keys**

More details about a specific public key, when imported, can be displayed by
querying. Here\'s information about the Red Hat GPG/DSA key:

**rpm -qi gpg-pubkey-db42a60e**

Finally, public keys can be erased after importing just like packages.
Here\'s how to remove the Red Hat GPG/DSA key
Here\'s how to remove the Red Hat GPG/DSA key:

**rpmkeys** **\--delete-key db42a60e**

Or alternatively:

**rpm -e gpg-pubkey-db42a60e**

Expand Down
26 changes: 23 additions & 3 deletions tools/rpmkeys.c
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

#include <popt.h>
#include <rpm/rpmcli.h>
#include <rpm/rpmstring.h>
#include "cliutils.h"
#include "debug.h"

Expand All @@ -22,12 +23,10 @@ static struct poptOption keyOptsTable[] = {
N_("import an armored public key"), NULL },
{ "test", '\0', POPT_ARG_NONE, &test, 0,
N_("don't import, but tell if it would work or not"), NULL },
#if 0
{ "delete-key", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_DELKEY,
N_("list keys from RPM keyring"), NULL },
{ "list-keys", '\0', (POPT_ARG_VAL|POPT_ARGFLAG_OR), &mode, MODE_LISTKEY,
N_("list keys from RPM keyring"), NULL },
#endif
POPT_TABLEEND
};

Expand Down Expand Up @@ -73,9 +72,30 @@ int main(int argc, char *argv[])
rpmtsSetFlags(ts, (rpmtsFlags(ts)|RPMTRANS_FLAG_TEST));
ec = rpmcliImportPubkeys(ts, args);
break;
/* XXX TODO: actually implement these... */
case MODE_DELKEY:
struct rpmInstallArguments_s * ia = &rpmIArgs;
ARGV_t gpgargs = argvNew();
for (char * const * arg = args; *arg; arg++) {
if (strncmp(*arg, "gpg-pubkey-", 11)) {
char * gpgarg = rpmExpand("gpg-pubkey-", *arg, NULL);
argvAdd(&gpgargs, gpgarg);
free(gpgarg);
} else {
argvAdd(&gpgargs, *arg);
}
}
ec = rpmErase(ts, ia, gpgargs);
argvFree(gpgargs);
break;
case MODE_LISTKEY:
if (args != NULL) {
argerror(_("--list-keys does not take any arguments"));
}
ARGV_t query = argvSplitString("gpg-pubkey", " ", ARGV_NONE);
QVA_t qva = &rpmQVKArgs;
rstrcat(&qva->qva_queryFormat, "%{version}-%{release}: %{summary}\n");
ec = rpmcliQuery(ts, &rpmQVKArgs, (ARGV_const_t) query);
query = argvFree(query);
break;
default:
argerror(_("only one major mode may be specified"));
Expand Down

0 comments on commit 20e8342

Please sign in to comment.