Latest
How to check RPM GPG signature against custom key
There is rpmkeys utility present for checking GPG signature of RPMs. But its man page states that it checks against RPM DB and doesn't mention anything about checking the signature against specific GPG public key (or set of keys). But a quick look at the rpm source code reveals that it tries to load keyring by cheking {%_keyringpath}/*.key first and then falls back to using RPM DB. So, this command should do the job:
mkdir /path/to/my/keys/ cp my_key /path/to/my/keys/my_key.key rpm -D '%_keyringpath /path/to/my/keys/' -K my_rpm.rpm
Note again that in this case RPM doesn't try to load keys from RPM DB, so only the keys provided in %_keyringpath are used.
2017-07-21T18:55:04+0400
All posts