有没有办法以编程方式获取已安装的 RPM 的签名密钥 ID?

发布于 2024-09-24 09:00:24 字数 2291 浏览 8 评论 0原文

rpm -qi package所示?

我真的不想解析 rpm -qi 的输出。我更愿意使用 rpm -q --qf ,我可以控制它的格式,并且不会受到未来版本的审美奇想的影响。

但我在手册页中可以找到的唯一有用的标签是 SIGPGP,它可以让我获得整个签名,而不仅仅是短密钥 ID。看看区别:

$ rpm -qi coreutils
Name        : coreutils                    Relocations: (not relocatable)
Version     : 8.4                               Vendor: Fedora Project
Release     : 8.fc13                        Build Date: Tue 20 Jul 2010 05:21:15 AM BRT
Install Date: Tue 03 Aug 2010 01:58:53 PM BRT      Build Host: x86-17.phx2.fedoraproject.org
Group       : System Environment/Base       Source RPM: coreutils-8.4-8.fc13.src.rpm
Size        : 12659257                         License: GPLv3+
Signature   : RSA/SHA256, Tue 20 Jul 2010 03:14:09 PM BRT, Key ID 7edc6ad6e8e40fde
Packager    : Fedora Project
URL         : http://www.gnu.org/software/coreutils/
Summary     : A set of basic GNU tools commonly used in shell scripts
Description :
These are the GNU core utilities.  This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.

$ rpm -q --qf '%{NAME}\t%{VERSION}\t%{RELEASE}\t%{ARCH}\t%{EPOCH}\t%{SIGPGP}\n' coreutils
coreutils       8.4     8.fc13  i686    (none)  8902150305004c45e7717edc6ad6e8e40fde010824c50fff6af998d5b67a663e6c165bbb3ff888afbe0961b7a60bab3d9a1605b271bbfaccc2eda4bc121e7bc8300efa0208100eb0961c021db2f0be52d422d21c0906a3252df125454fd4886af63574ed729c1370f583c0d46e4a97ee007b72966d965eed1891aaacf296ba31cb44fb46a20c5b39031b79c4eff66948aa3e79090a5f1ce969d3319ebbd47ff38ef382c64c1d59ba5c4d40b3d31a02620bd26005910ca98b7115ac24a30c2198f194bebb2347041ea094be23f5af2e6bb397736e8aff0dd95b4ebd2301ce00663180bbcf214559c72bc74a902102cdb2485b60c78e90c07ed76ecc78d44fd2ec710eb59937e513a37383b5f79a9a1a3996b614a8c1dc81eb8bd468b24aeceac378ee2da659978b5ebe7ab8b52ddb9342e45b2aa5d7b46c40904b57fd6e5ecf26e651c0dce46edb65ef54d26b73fbe99ac5757648c2e509e00887bb1373d30202a30e978407d9db3426d1f468ed4f88f3b379b14ac74b98167860fa36adc0768d6f33958e17c08a896f5aadcb6b70ce2c104454ab4d5b2e6166de465905d8aac14d5257324d50d78e9dc0b3836adc0817eacf5cd026e53330afefe24c6ad549d29b46f9bef544abfa4a87c66fc64c5281b453f72b3c6e660098c856d18031abb725792788ca6061603046170bfdfffb7772ee55299a2f92c996cd140470dba1b99f3c8e5e4a4f7c159fd0fae3fd1854335615e577fb5d05f5

As displayed by rpm -qi package?

I don't really want to parse the output of rpm -qi. I'd much rather use rpm -q --qf, of which I can control the format and is not subjected to a future version's aesthetic whims.

But the only useful tag I can find in the man page is SIGPGP, which gets me the entire signature, not only the short key id. See the difference:

$ rpm -qi coreutils
Name        : coreutils                    Relocations: (not relocatable)
Version     : 8.4                               Vendor: Fedora Project
Release     : 8.fc13                        Build Date: Tue 20 Jul 2010 05:21:15 AM BRT
Install Date: Tue 03 Aug 2010 01:58:53 PM BRT      Build Host: x86-17.phx2.fedoraproject.org
Group       : System Environment/Base       Source RPM: coreutils-8.4-8.fc13.src.rpm
Size        : 12659257                         License: GPLv3+
Signature   : RSA/SHA256, Tue 20 Jul 2010 03:14:09 PM BRT, Key ID 7edc6ad6e8e40fde
Packager    : Fedora Project
URL         : http://www.gnu.org/software/coreutils/
Summary     : A set of basic GNU tools commonly used in shell scripts
Description :
These are the GNU core utilities.  This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.

$ rpm -q --qf '%{NAME}\t%{VERSION}\t%{RELEASE}\t%{ARCH}\t%{EPOCH}\t%{SIGPGP}\n' coreutils
coreutils       8.4     8.fc13  i686    (none)  8902150305004c45e7717edc6ad6e8e40fde010824c50fff6af998d5b67a663e6c165bbb3ff888afbe0961b7a60bab3d9a1605b271bbfaccc2eda4bc121e7bc8300efa0208100eb0961c021db2f0be52d422d21c0906a3252df125454fd4886af63574ed729c1370f583c0d46e4a97ee007b72966d965eed1891aaacf296ba31cb44fb46a20c5b39031b79c4eff66948aa3e79090a5f1ce969d3319ebbd47ff38ef382c64c1d59ba5c4d40b3d31a02620bd26005910ca98b7115ac24a30c2198f194bebb2347041ea094be23f5af2e6bb397736e8aff0dd95b4ebd2301ce00663180bbcf214559c72bc74a902102cdb2485b60c78e90c07ed76ecc78d44fd2ec710eb59937e513a37383b5f79a9a1a3996b614a8c1dc81eb8bd468b24aeceac378ee2da659978b5ebe7ab8b52ddb9342e45b2aa5d7b46c40904b57fd6e5ecf26e651c0dce46edb65ef54d26b73fbe99ac5757648c2e509e00887bb1373d30202a30e978407d9db3426d1f468ed4f88f3b379b14ac74b98167860fa36adc0768d6f33958e17c08a896f5aadcb6b70ce2c104454ab4d5b2e6166de465905d8aac14d5257324d50d78e9dc0b3836adc0817eacf5cd026e53330afefe24c6ad549d29b46f9bef544abfa4a87c66fc64c5281b453f72b3c6e660098c856d18031abb725792788ca6061603046170bfdfffb7772ee55299a2f92c996cd140470dba1b99f3c8e5e4a4f7c159fd0fae3fd1854335615e577fb5d05f5

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

我不在是我 2024-10-01 09:00:24

要回答实际问题,不,没有办法直接查询keyid。我遇到了与您相同的问题,并发现有人实际上使用 redhat 创建了 错误报告 请求添加该功能的功能。

在错误报告中,响应者说使用如下所示的内容:

rpm -q --qf "%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{(none}|}| %{NVRA}\n" emacs | cut -d' ' -f11

To answer the actual question, no, there is no way to directly query for the keyid. I ran into the same problem you're having and found someone actually created a bug report with redhat for a feature to request that feature be added.

In the bug report, the responder says to use something like below:

rpm -q --qf "%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{(none}|}| %{NVRA}\n" emacs | cut -d' ' -f11
嗼ふ静 2024-10-01 09:00:24

有什么原因不能用 cut 来剪辑 SIGPGP 的相关部分吗?我强烈怀疑它在每个 rpm 标头中的偏移量相同,但为了确定起见,您可能应该检查多个来源的 RPM。

Any reason you can't clip the relevant portion of SIGPGP with cut? I strongly suspect it's located at the same offset in every rpm header, but you should probably check RPMs from multiple sources just to be sure.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文