Project description
IIRC there was some article in tech news some year ago that criticized the way RPM keys are handled in the SUSE distribution. The main point was that keys are added but usually never removed again. Therefore there should be at least some tool that helps managing keys and checking if certain keys are still in use.
Goal for this Hackweek
The goal is to create a tool to list, add, remove and cleanup keys.
Resources
sh
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}\t%{PACKAGER}\n' # list rpm keys on system
rpm --querytags # rpm list query tags
rpm -qi gpg-pubkey-ABC123 | gpg --quiet --show-keys --with-colons - # key info
rpm -e gpg-pubkey-ABC123 # remove key
https://unix.stackexchange.com/questions/17368/how-do-i-tell-which-gpg-key-an-rpm-package-was-signed-with https://news.opensuse.org/2023/01/23/new-4096-bit-signing-key/ https://github.com/openSUSE/opi/commit/378c6e7eedb76cbf9f8d66c51eb9c45d5fd5b010
Outcome
https://github.com/asdil12/zyppkeys
``` $ zypper keys list Key | Added | Vendor ---------------------+---------------------+---------------------------------------------- gpg-pubkey-17280ddf | 2022-09-23 13:43:42 | network OBS Project gpg-pubkey-29b700a4 | 2022-09-12 14:11:42 | openSUSE Project Signing Key gpg-pubkey-3dbdc284 | 2022-09-12 14:11:42 | openSUSE Project Signing Key gpg-pubkey-1abd1afb | 2022-09-12 14:37:08 | PackMan Project (signing key) gpg-pubkey-00e006f2 | 2023-01-30 10:44:24 | network:chromium OBS Project Fingerprints : AD485664E901B867051AB15F35A2F86E29B700A4
```
This project is part of:
Hack Week 22
Activity
Comments
Similar Projects
This project is one of its kind!