Feature changed by: Michael Schröder (mlschroe) Feature #313400, revision 5 Title: store gpg key in fs instead of rpmdb openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: currently gpg keys used by rpm for signature verification apppar to be installed in the rpmdb as some kind of pseudo package (rpm -qa 'gpg- pubkey*'). This makes them rather clumsy to manage. It would be better to have gpg keys as regular files in the file system. In fact rpm supports that since a while via the %_keyringpath option. It's set to % {_dbpath}/pubkeys/ by default. If any keys are found in that directory the keys in the rpmdb are no longer used. Therefore I propose to: * change the openSUSE-build-key package to drop it's files into % _keyringpath * patch libzypp to prefer %_keyringpath too * add a %post snippet to rpm or openSUSE-build-key to export extra keys in rpmdb to %_keyringpath and remove them from rpmdb afterwards * make %_keyringpath an array so we can have distro provided keys in /usr and admin/locally configured keys in /etc * fix rpm --import to write files in %_keyringpath instead of using rpmdb + Discussion: + #1: Michael Schröder (mlschroe) (2012-04-26 15:00:25) + I see no way to change 'rpm --import'. The only sane way would be to + make it return an error message. -- openSUSE Feature: https://features.opensuse.org/313400