有没有办法以编程方式获取已安装的 RPM 的签名密钥 ID?
如rpm -qi package所示?
我真的不想解析 rpm -qi 的输出。我更愿意使用 rpm -q --qf ,我可以控制它的格式,并且不会受到未来版本的审美奇想的影响。
但我在手册页中可以找到的唯一有用的标签是 SIGPGP,它可以让我获得整个签名,而不仅仅是短密钥 ID。看看区别:
$ rpm -qi coreutils
Name : coreutils Relocations: (not relocatable)
Version : 8.4 Vendor: Fedora Project
Release : 8.fc13 Build Date: Tue 20 Jul 2010 05:21:15 AM BRT
Install Date: Tue 03 Aug 2010 01:58:53 PM BRT Build Host: x86-17.phx2.fedoraproject.org
Group : System Environment/Base Source RPM: coreutils-8.4-8.fc13.src.rpm
Size : 12659257 License: GPLv3+
Signature : RSA/SHA256, Tue 20 Jul 2010 03:14:09 PM BRT, Key ID 7edc6ad6e8e40fde
Packager : Fedora Project
URL : http://www.gnu.org/software/coreutils/
Summary : A set of basic GNU tools commonly used in shell scripts
Description :
These are the GNU core utilities. This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.
$ rpm -q --qf '%{NAME}\t%{VERSION}\t%{RELEASE}\t%{ARCH}\t%{EPOCH}\t%{SIGPGP}\n' coreutils
coreutils 8.4 8.fc13 i686 (none) 8902150305004c45e7717edc6ad6e8e40fde010824c50fff6af998d5b67a663e6c165bbb3ff888afbe0961b7a60bab3d9a1605b271bbfaccc2eda4bc121e7bc8300efa0208100eb0961c021db2f0be52d422d21c0906a3252df125454fd4886af63574ed729c1370f583c0d46e4a97ee007b72966d965eed1891aaacf296ba31cb44fb46a20c5b39031b79c4eff66948aa3e79090a5f1ce969d3319ebbd47ff38ef382c64c1d59ba5c4d40b3d31a02620bd26005910ca98b7115ac24a30c2198f194bebb2347041ea094be23f5af2e6bb397736e8aff0dd95b4ebd2301ce00663180bbcf214559c72bc74a902102cdb2485b60c78e90c07ed76ecc78d44fd2ec710eb59937e513a37383b5f79a9a1a3996b614a8c1dc81eb8bd468b24aeceac378ee2da659978b5ebe7ab8b52ddb9342e45b2aa5d7b46c40904b57fd6e5ecf26e651c0dce46edb65ef54d26b73fbe99ac5757648c2e509e00887bb1373d30202a30e978407d9db3426d1f468ed4f88f3b379b14ac74b98167860fa36adc0768d6f33958e17c08a896f5aadcb6b70ce2c104454ab4d5b2e6166de465905d8aac14d5257324d50d78e9dc0b3836adc0817eacf5cd026e53330afefe24c6ad549d29b46f9bef544abfa4a87c66fc64c5281b453f72b3c6e660098c856d18031abb725792788ca6061603046170bfdfffb7772ee55299a2f92c996cd140470dba1b99f3c8e5e4a4f7c159fd0fae3fd1854335615e577fb5d05f5
As displayed by rpm -qi package?
I don't really want to parse the output of rpm -qi. I'd much rather use rpm -q --qf, of which I can control the format and is not subjected to a future version's aesthetic whims.
But the only useful tag I can find in the man page is SIGPGP, which gets me the entire signature, not only the short key id. See the difference:
$ rpm -qi coreutils
Name : coreutils Relocations: (not relocatable)
Version : 8.4 Vendor: Fedora Project
Release : 8.fc13 Build Date: Tue 20 Jul 2010 05:21:15 AM BRT
Install Date: Tue 03 Aug 2010 01:58:53 PM BRT Build Host: x86-17.phx2.fedoraproject.org
Group : System Environment/Base Source RPM: coreutils-8.4-8.fc13.src.rpm
Size : 12659257 License: GPLv3+
Signature : RSA/SHA256, Tue 20 Jul 2010 03:14:09 PM BRT, Key ID 7edc6ad6e8e40fde
Packager : Fedora Project
URL : http://www.gnu.org/software/coreutils/
Summary : A set of basic GNU tools commonly used in shell scripts
Description :
These are the GNU core utilities. This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.
$ rpm -q --qf '%{NAME}\t%{VERSION}\t%{RELEASE}\t%{ARCH}\t%{EPOCH}\t%{SIGPGP}\n' coreutils
coreutils 8.4 8.fc13 i686 (none) 8902150305004c45e7717edc6ad6e8e40fde010824c50fff6af998d5b67a663e6c165bbb3ff888afbe0961b7a60bab3d9a1605b271bbfaccc2eda4bc121e7bc8300efa0208100eb0961c021db2f0be52d422d21c0906a3252df125454fd4886af63574ed729c1370f583c0d46e4a97ee007b72966d965eed1891aaacf296ba31cb44fb46a20c5b39031b79c4eff66948aa3e79090a5f1ce969d3319ebbd47ff38ef382c64c1d59ba5c4d40b3d31a02620bd26005910ca98b7115ac24a30c2198f194bebb2347041ea094be23f5af2e6bb397736e8aff0dd95b4ebd2301ce00663180bbcf214559c72bc74a902102cdb2485b60c78e90c07ed76ecc78d44fd2ec710eb59937e513a37383b5f79a9a1a3996b614a8c1dc81eb8bd468b24aeceac378ee2da659978b5ebe7ab8b52ddb9342e45b2aa5d7b46c40904b57fd6e5ecf26e651c0dce46edb65ef54d26b73fbe99ac5757648c2e509e00887bb1373d30202a30e978407d9db3426d1f468ed4f88f3b379b14ac74b98167860fa36adc0768d6f33958e17c08a896f5aadcb6b70ce2c104454ab4d5b2e6166de465905d8aac14d5257324d50d78e9dc0b3836adc0817eacf5cd026e53330afefe24c6ad549d29b46f9bef544abfa4a87c66fc64c5281b453f72b3c6e660098c856d18031abb725792788ca6061603046170bfdfffb7772ee55299a2f92c996cd140470dba1b99f3c8e5e4a4f7c159fd0fae3fd1854335615e577fb5d05f5
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
要回答实际问题,不,没有办法直接查询keyid。我遇到了与您相同的问题,并发现有人实际上使用 redhat 创建了 错误报告 请求添加该功能的功能。
在错误报告中,响应者说使用如下所示的内容:
To answer the actual question, no, there is no way to directly query for the keyid. I ran into the same problem you're having and found someone actually created a bug report with redhat for a feature to request that feature be added.
In the bug report, the responder says to use something like below:
有什么原因不能用 cut 来剪辑 SIGPGP 的相关部分吗?我强烈怀疑它在每个 rpm 标头中的偏移量相同,但为了确定起见,您可能应该检查多个来源的 RPM。
Any reason you can't clip the relevant portion of SIGPGP with cut? I strongly suspect it's located at the same offset in every rpm header, but you should probably check RPMs from multiple sources just to be sure.