Project description
IIRC there was an article in the tech news some years ago that criticized the way RPM keys are handled in the SUSE distribution. The main point was that keys are added but usually never removed again. Therefore, there should at least be some tool that helps with managing keys and checking whether certain keys are still in use.
Goal for this Hackweek
The goal is to create a tool to list, add, remove and clean up keys.
Resources
```sh
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}\t%{PACKAGER}\n' # list rpm keys on system
rpm --querytags # rpm list query tags
rpm -qi gpg-pubkey-ABC123 | gpg --quiet --show-keys --with-colons - # key info
rpm -e gpg-pubkey-ABC123 # remove key
```
https://unix.stackexchange.com/questions/17368/how-do-i-tell-which-gpg-key-an-rpm-package-was-signed-with

https://news.opensuse.org/2023/01/23/new-4096-bit-signing-key/

https://github.com/openSUSE/opi/commit/378c6e7eedb76cbf9f8d66c51eb9c45d5fd5b010
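One way to check whether imported keys are still in use, as an added example (not code from this project): it counts how many installed packages each `gpg-pubkey` entry signed by matching the key list against per-package signature headers. The `SIGS_QF` query format, the function names and the sample data are assumptions of this example; only `29b700a4` and its long key ID come from this page.

```python
import re
import shutil
import subprocess

KEYS_QF = r"%{NAME}-%{VERSION}\t%{PACKAGER}\n"              # key listing query from the page
SIGS_QF = r"%{NAME}\t%{SIGPGP:pgpsig}\t%{SIGGPG:pgpsig}\n"  # assumed per-package signature query

# Constructed sample output so the example also runs without rpm.
SAMPLE_KEYS = (
    "gpg-pubkey-29b700a4\topenSUSE Project Signing Key <opensuse@opensuse.org>\n"
    "gpg-pubkey-aaaa1111\tExample Repo <repo@example.org>\n"
)
SAMPLE_SIGS = (
    "bash\tRSA/SHA256, Mon 12 Sep 2022 02:11:42 PM CEST, Key ID 35a2f86e29b700a4\t(none)\n"
    "zypper\tRSA/SHA256, Mon 12 Sep 2022 02:11:42 PM CEST, Key ID 35a2f86e29b700a4\t(none)\n"
    "oldtool\tRSA/SHA256, Fri 01 Jan 2021 10:00:00 AM CET, Key ID 1234567890abcdef\t(none)\n"
    "localbuild\t(none)\t(none)\n"
)

def key_usage(keys_text, sigs_text):
    """Return {gpg-pubkey name: number of installed packages signed by that key}."""
    usage = {}
    for line in keys_text.splitlines():
        m = re.match(r"(gpg-pubkey-[0-9a-f]{8})\t", line)
        if m:
            usage[m.group(1)] = 0
    for line in sigs_text.splitlines():
        # The signature may sit in either tag; gpg-pubkey names use the last 8 hex digits.
        signers = {k[-8:].lower() for k in re.findall(r"Key ID ([0-9a-fA-F]{16})", line)}
        for short in signers:
            name = f"gpg-pubkey-{short}"
            if name in usage:          # signers whose key is not imported are ignored here
                usage[name] += 1
    return usage

def unused_keys(keys_text, sigs_text):
    """Imported keys that signed no installed package: candidates for review."""
    return sorted(k for k, n in key_usage(keys_text, sigs_text).items() if n == 0)

if __name__ == "__main__":
    if shutil.which("rpm"):
        def rpm(*args):
            return subprocess.run(["rpm", *args], capture_output=True, text=True).stdout
        keys, sigs = rpm("-q", "gpg-pubkey", "--qf", KEYS_QF), rpm("-qa", "--qf", SIGS_QF)
    else:
        keys, sigs = SAMPLE_KEYS, SAMPLE_SIGS  # offline run on the constructed sample
    for name, count in key_usage(keys, sigs).items():
        print(f"{name}\t{count} package(s)")
```

A count of zero marks a key for review rather than for automatic removal: a configured repository may still need it, and packages signed with a subkey report a key ID that differs from the `gpg-pubkey` name.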
Outcome
https://github.com/asdil12/zyppkeys
```
$ zypper keys list
Key | Added | Vendor
---------------------+---------------------+----------------------------------------------
gpg-pubkey-17280ddf | 2022-09-23 13:43:42 | network OBS Project <network@build.opensuse.…
gpg-pubkey-c862b42c | 2023-01-24 10:51:17 | games OBS Project <games@build.opensuse.org>
gpg-pubkey-29b700a4 | 2022-09-12 14:11:42 | openSUSE Project Signing Key <opensuse@opens…
gpg-pubkey-39db7c82 | 2022-09-12 14:11:42 | SuSE Package Signing Key <build@suse.de>
gpg-pubkey-3dbdc284 | 2022-09-12 14:11:42 | openSUSE Project Signing Key <opensuse@opens…
gpg-pubkey-be1229cf | 2022-09-12 14:38:34 | Microsoft (Release signing) <gpgsecurity@mic…
gpg-pubkey-8a7c64f9 | 2022-09-28 11:41:27 | Unsupported <unsupported@suse.de>
gpg-pubkey-1abd1afb | 2022-09-12 14:37:08 | PackMan Project (signing key) <packman@links…
gpg-pubkey-cbdf5e8f | 2022-09-27 12:05:36 | devel:openQA OBS Project <devel:openQA@build…
gpg-pubkey-6a8dce8c | 2022-09-15 10:11:09 | home:dheidler OBS Project <home:dheidler@bui…
gpg-pubkey-edf0d733 | 2022-11-12 14:47:56 | devel:languages:python OBS Project <devel:la…
gpg-pubkey-a89c3a8a | 2022-09-28 22:49:49 | devel:languages:nodejs OBS Project <devel:la…
gpg-pubkey-d6d11ce4 | 2022-12-27 19:51:28 | hardware OBS Project <hardware@build.opensus…
gpg-pubkey-72174fc2 | 2023-01-30 10:44:24 | Virtualization OBS Project <Virtualization@b…
gpg-pubkey-dcef338c | 2023-01-30 10:44:24 | devel:languages:perl OBS Project <devel:lang…
gpg-pubkey-65176565 | 2023-01-30 10:44:24 | openSUSE:Backports OBS Project <openSUSE:Bac…
gpg-pubkey-f23c6aa3 | 2023-01-30 10:44:24 | multimedia OBS Project <multimedia@build.ope…
gpg-pubkey-780504e9 | 2023-01-30 10:44:24 | X11 OBS Project <X11@build.opensuse.org>
gpg-pubkey-00e006f2 | 2023-01-30 10:44:24 | network:chromium OBS Project <network:chromi…
gpg-pubkey-8df63672 | 2023-01-30 10:44:24 | home:mkittler OBS Project <home:mkittler@bui…
gpg-pubkey-038651bd | 2023-02-01 12:53:40 | https://packagecloud.io/slacktechnologies/sl…
gpg-pubkey-7fac5991 | 2023-02-02 00:00:01 | Google, Inc. Linux Package Signing Key <linu…
gpg-pubkey-d38b4796 | 2023-02-02 00:00:01 | Google Inc. (Linux Packages Signing Authorit…
gpg-pubkey-33eaab8e | 2023-02-02 00:00:01 | Vivaldi Package Composer KEY09 <packager@viv…
gpg-pubkey-4218647e | 2023-02-06 14:51:10 | Vivaldi Package Composer KEY08 <packager@viv…
gpg-pubkey-8583c11c | 2023-02-07 14:07:35 | home:dheidler OBS Project <home:dheidler@bui…
gpg-pubkey-324e6311 | 2023-02-08 16:52:09 | filesystems OBS Project <filesystems@build.o…
```

```
$ zypper keys repokeys -d
Repo | Key | Added | Vendor
----------------------------------+---------------------+-------+-------------------------
suse_ca | gpg-pubkey-39db7c82 | Yes | SuSE Package Signing Ke…
vivaldi | gpg-pubkey-4218647e | Yes | Vivaldi Package Compose…
home_dheidler | gpg-pubkey-8583c11c | Yes | home:dheidler OBS Proje…
games | gpg-pubkey-c862b42c | Yes | games OBS Project <game…
hardware_sdr | gpg-pubkey-d6d11ce4 | Yes | hardware OBS Project <h…
download.opensuse.org-oss | gpg-pubkey-29b700a4 | Yes | openSUSE Project Signin…
download.opensuse.org-tumbleweed | gpg-pubkey-3dbdc284 | Yes | openSUSE Project Signin…
devel-openqa | gpg-pubkey-cbdf5e8f | Yes | devel:openQA OBS Projec…
download.opensuse.org-non-oss | gpg-pubkey-29b700a4 | Yes | openSUSE Project Signin…
vscode | gpg-pubkey-be1229cf | Yes | Microsoft (Release sign…
slack | gpg-pubkey-038651bd | Yes | https://packagecloud.io…
filesystems | gpg-pubkey-324e6311 | Yes | filesystems OBS Project…
openh264 | gpg-pubkey-3dbdc284 | Yes | openSUSE Project Signin…
```

```
$ zypper keys show gpg-pubkey-29b700a4
Information for key gpg-pubkey-29b700a4:
Key          : gpg-pubkey-29b700a4
Added        : 2022-09-12 14:11:42
Vendor       : openSUSE Project Signing Key <opensuse@opensuse.org>
Fingerprints : AD485664E901B867051AB15F35A2F86E29B700A4
```
This project is part of:
Hack Week 22