Feature changed by: Ludwig Nussel (lnussel) Feature #313400, revision 13 Title: store gpg key in fs instead of rpmdb openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Ludwig Nussel (lnussel) Partner organization: openSUSE.org Description: currently gpg keys used by rpm for signature verification apppar to be installed in the rpmdb as some kind of pseudo package (rpm -qa 'gpg- pubkey*'). This makes them rather clumsy to manage. It would be better to have gpg keys as regular files in the file system. In fact rpm supports that since a while via the %_keyringpath option. It's set to % {_dbpath}/pubkeys/ by default. If any keys are found in that directory the keys in the rpmdb are no longer used. Therefore I propose to: * change the openSUSE-build-key package to drop it's files into % _keyringpath * patch libzypp to prefer %_keyringpath too * add a %post snippet to rpm or openSUSE-build-key to export extra keys in rpmdb to %_keyringpath and remove them from rpmdb afterwards * make %_keyringpath an array so we can have distro provided keys in /usr and admin/locally configured keys in /etc * fix rpm --import to write files in %_keyringpath instead of using rpmdb + Business case (Partner benefit): + openSUSE.org: - keys can simply be installed by dropping files (eg via + rpm package) - rpm -qf would work on those files so you know where the + keys came from - admins could more easily install their own keys - the + nasty back and forth importing/exporting of keys that zypp does might + become easier. Discussion: #1: Michael Schröder (mlschroe) (2012-04-26 15:00:25) I see no way to change 'rpm --import'. The only sane way would be to make it return an error message. #4: Andreas Jaeger (a_jaeger) (2013-08-09 13:26:02) Thomas, Ludwig, could you answer the questions *directly*, please? Otherwise I propose to reject this. #5: Ludwig Nussel (lnussel) (2013-08-09 13:49:34) (reply to #4) it's related to the unfortunately private feature 313342 I've filed in 'user benefit' -- openSUSE Feature: https://features.opensuse.org/313400