[New: openFATE 313400] store gpg key in fs instead of rpmdb
Feature added by: Ludwig Nussel (lnussel)

Feature #313400, revision 1
Title: store gpg key in fs instead of rpmdb

openSUSE Distribution: Unconfirmed
  Priority
    Requester: Desirable

Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org

Description:
Currently gpg keys used by rpm for signature verification appear to be
installed in the rpmdb as some kind of pseudo package
(rpm -qa 'gpg-pubkey*'). This makes them rather clumsy to manage. It
would be better to have gpg keys as regular files in the file system. In
fact rpm has supported that for a while via the %_keyringpath option.
It's set to %{_dbpath}/pubkeys/ by default. If any keys are found in
that directory the keys in the rpmdb are no longer used. Therefore I
propose to:
- change the openSUSE-build-key package to drop its files into
  %_keyringpath
- patch libzypp to prefer %_keyringpath too
- add a %post snippet to rpm or openSUSE-build-key to export extra keys
  in rpmdb to %_keyringpath and remove them from rpmdb afterwards
- make %_keyringpath an array so we can have distro provided keys in
  /usr and admin/locally configured keys in /etc

--
openSUSE Feature: https://features.opensuse.org/313400
Feature changed by: Ludwig Nussel (lnussel)

Feature #313400, revision 3
Title: store gpg key in fs instead of rpmdb

openSUSE Distribution: Unconfirmed
  Priority
    Requester: Desirable

Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org

Description:
Currently gpg keys used by rpm for signature verification appear to be
installed in the rpmdb as some kind of pseudo package
(rpm -qa 'gpg-pubkey*'). This makes them rather clumsy to manage. It
would be better to have gpg keys as regular files in the file system. In
fact rpm has supported that for a while via the %_keyringpath option.
It's set to %{_dbpath}/pubkeys/ by default. If any keys are found in
that directory the keys in the rpmdb are no longer used. Therefore I
propose to:
- - change the openSUSE-build-key package to drop it's files into %
- _keyringpath - patch libzypp to prefer %_keyringpath too - add a %post
- snippet to rpm or openSUSE-build-key to export extra keys in rpmdb to %
- _keyringpath and remove them from rpmdb afterwards - make %_keyringpath
- an array so we can have distro provided keys in /usr and admin/locally
- configured keys in /etc
+ * change the openSUSE-build-key package to drop it's files into %
+ _keyringpath
+ * patch libzypp to prefer %_keyringpath too
+ * add a %post snippet to rpm or openSUSE-build-key to export extra keys
+ in rpmdb to %_keyringpath and remove them from rpmdb afterwards
+ * make %_keyringpath an array so we can have distro provided keys in
+ /usr and admin/locally configured keys in /etc
+ * fix rpm --import to write files in %_keyringpath instead of using
+ rpmdb

--
openSUSE Feature: https://features.opensuse.org/313400
Feature changed by: Michael Schröder (mlschroe)

Feature #313400, revision 5
Title: store gpg key in fs instead of rpmdb

openSUSE Distribution: Unconfirmed
  Priority
    Requester: Desirable

Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org

Description:
Currently gpg keys used by rpm for signature verification appear to be
installed in the rpmdb as some kind of pseudo package
(rpm -qa 'gpg-pubkey*'). This makes them rather clumsy to manage. It
would be better to have gpg keys as regular files in the file system. In
fact rpm has supported that for a while via the %_keyringpath option.
It's set to %{_dbpath}/pubkeys/ by default. If any keys are found in
that directory the keys in the rpmdb are no longer used. Therefore I
propose to:
* change the openSUSE-build-key package to drop its files into
  %_keyringpath
* patch libzypp to prefer %_keyringpath too
* add a %post snippet to rpm or openSUSE-build-key to export extra keys
  in rpmdb to %_keyringpath and remove them from rpmdb afterwards
* make %_keyringpath an array so we can have distro provided keys in
  /usr and admin/locally configured keys in /etc
* fix rpm --import to write files in %_keyringpath instead of using
  rpmdb

+ Discussion:
+ #1: Michael Schröder (mlschroe) (2012-04-26 15:00:25)
+ I see no way to change 'rpm --import'. The only sane way would be to
+ make it return an error message.

--
openSUSE Feature: https://features.opensuse.org/313400
Feature changed by: Andreas Jaeger (a_jaeger)

Feature #313400, revision 11
Title: store gpg key in fs instead of rpmdb

openSUSE Distribution: Unconfirmed
  Priority
    Requester: Desirable

Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org

Description:
Currently gpg keys used by rpm for signature verification appear to be
installed in the rpmdb as some kind of pseudo package
(rpm -qa 'gpg-pubkey*'). This makes them rather clumsy to manage. It
would be better to have gpg keys as regular files in the file system. In
fact rpm has supported that for a while via the %_keyringpath option.
It's set to %{_dbpath}/pubkeys/ by default. If any keys are found in
that directory the keys in the rpmdb are no longer used. Therefore I
propose to:
* change the openSUSE-build-key package to drop its files into
  %_keyringpath
* patch libzypp to prefer %_keyringpath too
* add a %post snippet to rpm or openSUSE-build-key to export extra keys
  in rpmdb to %_keyringpath and remove them from rpmdb afterwards
* make %_keyringpath an array so we can have distro provided keys in
  /usr and admin/locally configured keys in /etc
* fix rpm --import to write files in %_keyringpath instead of using
  rpmdb

Discussion:
#1: Michael Schröder (mlschroe) (2012-04-26 15:00:25)
I see no way to change 'rpm --import'. The only sane way would be to
make it return an error message.

+ #4: Andreas Jaeger (a_jaeger) (2013-08-09 13:26:02)
+ Thomas, Ludwig, could you answer the questions *directly*, please?
+ Otherwise I propose to reject this.

--
openSUSE Feature: https://features.opensuse.org/313400
Feature changed by: Ludwig Nussel (lnussel)

Feature #313400, revision 12
Title: store gpg key in fs instead of rpmdb

openSUSE Distribution: Unconfirmed
  Priority
    Requester: Desirable

Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org

Description:
Currently gpg keys used by rpm for signature verification appear to be
installed in the rpmdb as some kind of pseudo package
(rpm -qa 'gpg-pubkey*'). This makes them rather clumsy to manage. It
would be better to have gpg keys as regular files in the file system. In
fact rpm has supported that for a while via the %_keyringpath option.
It's set to %{_dbpath}/pubkeys/ by default. If any keys are found in
that directory the keys in the rpmdb are no longer used. Therefore I
propose to:
* change the openSUSE-build-key package to drop its files into
  %_keyringpath
* patch libzypp to prefer %_keyringpath too
* add a %post snippet to rpm or openSUSE-build-key to export extra keys
  in rpmdb to %_keyringpath and remove them from rpmdb afterwards
* make %_keyringpath an array so we can have distro provided keys in
  /usr and admin/locally configured keys in /etc
* fix rpm --import to write files in %_keyringpath instead of using
  rpmdb

Discussion:
#1: Michael Schröder (mlschroe) (2012-04-26 15:00:25)
I see no way to change 'rpm --import'. The only sane way would be to
make it return an error message.

#4: Andreas Jaeger (a_jaeger) (2013-08-09 13:26:02)
Thomas, Ludwig, could you answer the questions *directly*, please?
Otherwise I propose to reject this.

+ #5: Ludwig Nussel (lnussel) (2013-08-09 13:49:34) (reply to #4)
+ it's related to the unfortunately private feature 313342 I've filed in
+ 'user benefit'

--
openSUSE Feature: https://features.opensuse.org/313400
Feature changed by: Ludwig Nussel (lnussel)

Feature #313400, revision 13
Title: store gpg key in fs instead of rpmdb

openSUSE Distribution: Unconfirmed
  Priority
    Requester: Desirable

Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org

Description:
Currently gpg keys used by rpm for signature verification appear to be
installed in the rpmdb as some kind of pseudo package
(rpm -qa 'gpg-pubkey*'). This makes them rather clumsy to manage. It
would be better to have gpg keys as regular files in the file system. In
fact rpm has supported that for a while via the %_keyringpath option.
It's set to %{_dbpath}/pubkeys/ by default. If any keys are found in
that directory the keys in the rpmdb are no longer used. Therefore I
propose to:
* change the openSUSE-build-key package to drop its files into
  %_keyringpath
* patch libzypp to prefer %_keyringpath too
* add a %post snippet to rpm or openSUSE-build-key to export extra keys
  in rpmdb to %_keyringpath and remove them from rpmdb afterwards
* make %_keyringpath an array so we can have distro provided keys in
  /usr and admin/locally configured keys in /etc
* fix rpm --import to write files in %_keyringpath instead of using
  rpmdb

+ Business case (Partner benefit):
+ openSUSE.org: - keys can simply be installed by dropping files (eg via
+ rpm package) - rpm -qf would work on those files so you know where the
+ keys came from - admins could more easily install their own keys - the
+ nasty back and forth importing/exporting of keys that zypp does might
+ become easier.

Discussion:
#1: Michael Schröder (mlschroe) (2012-04-26 15:00:25)
I see no way to change 'rpm --import'. The only sane way would be to
make it return an error message.

#4: Andreas Jaeger (a_jaeger) (2013-08-09 13:26:02)
Thomas, Ludwig, could you answer the questions *directly*, please?
Otherwise I propose to reject this.

#5: Ludwig Nussel (lnussel) (2013-08-09 13:49:34) (reply to #4)
it's related to the unfortunately private feature 313342 I've filed in
'user benefit'

--
openSUSE Feature: https://features.opensuse.org/313400
Feature changed by: Thomas Biege (thomasbiege)

Feature #313400, revision 16
Title: store gpg key in fs instead of rpmdb

openSUSE Distribution: Unconfirmed
  Priority
    Requester: Desirable

Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org

Description:
Currently gpg keys used by rpm for signature verification appear to be
installed in the rpmdb as some kind of pseudo package
(rpm -qa 'gpg-pubkey*'). This makes them rather clumsy to manage. It
would be better to have gpg keys as regular files in the file system. In
fact rpm has supported that for a while via the %_keyringpath option.
It's set to %{_dbpath}/pubkeys/ by default. If any keys are found in
that directory the keys in the rpmdb are no longer used. Therefore I
propose to:
* change the openSUSE-build-key package to drop its files into
  %_keyringpath
* patch libzypp to prefer %_keyringpath too
* add a %post snippet to rpm or openSUSE-build-key to export extra keys
  in rpmdb to %_keyringpath and remove them from rpmdb afterwards
* make %_keyringpath an array so we can have distro provided keys in
  /usr and admin/locally configured keys in /etc
* fix rpm --import to write files in %_keyringpath instead of using
  rpmdb

Business case (Partner benefit):
openSUSE.org:
- keys can simply be installed by dropping files (e.g. via rpm package)
- rpm -qf would work on those files so you know where the keys came from
- admins could more easily install their own keys
- the nasty back and forth importing/exporting of keys that zypp does
  might become easier.

Discussion:
#1: Michael Schröder (mlschroe) (2012-04-26 15:00:25)
I see no way to change 'rpm --import'. The only sane way would be to
make it return an error message.

#4: Andreas Jaeger (a_jaeger) (2013-08-09 13:26:02)
Thomas, Ludwig, could you answer the questions *directly*, please?
Otherwise I propose to reject this.

#5: Ludwig Nussel (lnussel) (2013-08-09 13:49:34) (reply to #4)
it's related to the unfortunately private feature 313342 I've filed in
'user benefit'

+ #7: Thomas Biege (thomasbiege) (2013-08-19 11:51:24) (reply to #4)
+ I didn't request it but from my POV this would improve the handling of
+ keys a lot.

--
openSUSE Feature: https://features.opensuse.org/313400
Feature changed by: Marcus Meissner (msmeissn)

Feature #313400, revision 21
Title: store gpg key in fs instead of rpmdb

openSUSE Distribution: Unconfirmed
  Priority
    Requester: Desirable
+   Projectmanager: Desirable

Requested by: Ludwig Nussel (lnussel)
Partner organization: openSUSE.org

Description:
Currently gpg keys used by rpm for signature verification appear to be
installed in the rpmdb as some kind of pseudo package
(rpm -qa 'gpg-pubkey*'). This makes them rather clumsy to manage. It
would be better to have gpg keys as regular files in the file system. In
fact rpm has supported that for a while via the %_keyringpath option.
It's set to %{_dbpath}/pubkeys/ by default. If any keys are found in
that directory the keys in the rpmdb are no longer used. Therefore I
propose to:
* change the openSUSE-build-key package to drop its files into
  %_keyringpath
* patch libzypp to prefer %_keyringpath too
* add a %post snippet to rpm or openSUSE-build-key to export extra keys
  in rpmdb to %_keyringpath and remove them from rpmdb afterwards
* make %_keyringpath an array so we can have distro provided keys in
  /usr and admin/locally configured keys in /etc
* fix rpm --import to write files in %_keyringpath instead of using
  rpmdb

Business case (Partner benefit):
openSUSE.org:
- keys can simply be installed by dropping files (e.g. via rpm package)
- rpm -qf would work on those files so you know where the keys came from
- admins could more easily install their own keys
- the nasty back and forth importing/exporting of keys that zypp does
  might become easier.

Discussion:
#1: Michael Schröder (mlschroe) (2012-04-26 15:00:25)
I see no way to change 'rpm --import'. The only sane way would be to
make it return an error message.

#4: Andreas Jaeger (a_jaeger) (2013-08-09 13:26:02)
Thomas, Ludwig, could you answer the questions *directly*, please?
Otherwise I propose to reject this.

#5: Ludwig Nussel (lnussel) (2013-08-09 13:49:34) (reply to #4)
it's related to the unfortunately private feature 313342 I've filed in
'user benefit'

#7: Thomas Biege (thomasbiege) (2013-08-19 11:51:24) (reply to #4)
I didn't request it but from my POV this would improve the handling of
keys a lot.

--
openSUSE Feature: https://features.opensuse.org/313400
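
The export step proposed in the feature description (moving keys held as gpg-pubkey pseudo packages into key files), sketched as an added example; it is not part of the feature request and not rpm or openSUSE code. The function name export_rpmdb_keys, the RPM override variable and the ".key" file suffix are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the feature request or from rpm/openSUSE code):
# export the gpg-pubkey pseudo packages from the rpmdb to key files.
# Assumption: the file keyring loader picks up "*.key" files in
# %_keyringpath; verify this against the rpm version in use.

RPM="${RPM:-rpm}"   # overridable so the logic can be tested with a stub

# export_rpmdb_keys DIR
# Writes one DIR/<gpg-pubkey-VERSION-RELEASE>.key per key found in the
# rpmdb and prints the number of files newly written.
export_rpmdb_keys() {
    dest="$1"
    mkdir -p "$dest" || return 1
    count=0
    for pkg in $("$RPM" -qa 'gpg-pubkey*'); do
        out="$dest/$pkg.key"
        # Never overwrite a key file that a package or the admin put there.
        [ -e "$out" ] && continue
        tmp="$out.tmp.$$"
        # The armored public key is stored in the pseudo package's description.
        if ! "$RPM" -q --qf '%{DESCRIPTION}\n' "$pkg" > "$tmp"; then
            rm -f "$tmp"
            return 1
        fi
        # Only keep output that really is an armored public key block.
        if grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$tmp"; then
            chmod 0644 "$tmp" && mv "$tmp" "$out"
            count=$((count + 1))
        else
            rm -f "$tmp"
        fi
        # Removing the key from the rpmdb (rpm -e "$pkg") is deliberately
        # left to a separate step once the exported file has been verified.
    done
    echo "$count"
}
```

In a %post scriptlet this would be called as `export_rpmdb_keys "$(rpm --eval '%{_keyringpath}')"`.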