Is there a way to get an installed RPM's signature Key ID programatically?
As displayed by rpm -qi package
?
I don't really want to parse the output of rpm -qi
. I'd much rather use rpm -q --qf
, of which I can control the format and is not subjected to a future version's aesthetic whims.
But the only useful tag I can find in the man page is SIGPGP, which gets me the entire signature, not only the short key id. See the difference:
$ rpm -qi coreutils
Name : coreutils Relocations: (not relocatable)
Version : 8.4 Vendor: Fedora Project
Release : 8.fc13 Build Date: Tue 20 Jul 2010 05:21:15 AM BRT
Install Date: Tue 03 Aug 2010 01:58:53 PM BRT Build Host: x86-17.phx2.fedoraproject.org
Group : System Environment/Base Source RPM: coreutils-8.4-8.fc13.src.rpm
Size : 12659257 License: GPLv3+
Signature : RSA/SHA256, Tue 20 Jul 2010 03:14:09 PM BRT, Key ID 7edc6ad6e8e40fde
Packager : Fedora Project
URL : http://www.gnu.org/software/coreutils/
Summary : A set of basic GNU tools commonly used in shell scripts
Description :
These are the GNU core utilities. This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.
$ rpm -q --qf '%{NAME}\t%{VERSION}\t%{RELEASE}\t%{ARCH}\t%{EPOCH}\t%{SIGPGP}\n' coreutils
coreutils 8.4 8.fc13 i686 (none) 8902150305004c45e7717edc6ad6e8e40fde010824c50fff6af998d5b开发者_如何学编程67a663e6c165bbb3ff888afbe0961b7a60bab3d9a1605b271bbfaccc2eda4bc121e7bc8300efa0208100eb0961c021db2f0be52d422d21c0906a3252df125454fd4886af63574ed729c1370f583c0d46e4a97ee007b72966d965eed1891aaacf296ba31cb44fb46a20c5b39031b79c4eff66948aa3e79090a5f1ce969d3319ebbd47ff38ef382c64c1d59ba5c4d40b3d31a02620bd26005910ca98b7115ac24a30c2198f194bebb2347041ea094be23f5af2e6bb397736e8aff0dd95b4ebd2301ce00663180bbcf214559c72bc74a902102cdb2485b60c78e90c07ed76ecc78d44fd2ec710eb59937e513a37383b5f79a9a1a3996b614a8c1dc81eb8bd468b24aeceac378ee2da659978b5ebe7ab8b52ddb9342e45b2aa5d7b46c40904b57fd6e5ecf26e651c0dce46edb65ef54d26b73fbe99ac5757648c2e509e00887bb1373d30202a30e978407d9db3426d1f468ed4f88f3b379b14ac74b98167860fa36adc0768d6f33958e17c08a896f5aadcb6b70ce2c104454ab4d5b2e6166de465905d8aac14d5257324d50d78e9dc0b3836adc0817eacf5cd026e53330afefe24c6ad549d29b46f9bef544abfa4a87c66fc64c5281b453f72b3c6e660098c856d18031abb725792788ca6061603046170bfdfffb7772ee55299a2f92c996cd140470dba1b99f3c8e5e4a4f7c159fd0fae3fd1854335615e577fb5d05f5
To answer the actual question, no, there is no way to directly query for the keyid. I ran into the same problem you're having and found someone actually created a bug report with redhat for a feature to request that feature be added.
In the bug report, the responder says to use something like below:
rpm -q --qf "%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{(none}|}| %{NVRA}\n" emacs | cut -d' ' -f11
Any reason you can't clip the relevant portion of SIGPGP with cut? I strongly suspect it's located at the same offset in every rpm header, but you should probably check RPMs from multiple sources just to be sure.
精彩评论