How to check RPM GPG signature against custom key

The rpmkeys utility checks the GPG signatures of RPMs. Its man page states that it checks against the RPM DB and doesn't mention anything about checking a signature against a specific GPG public key (or set of keys). However, a quick look at the rpm source code reveals that it tries to load the keyring by checking {%_keyringpath}/*.key first and then falls back to using the RPM DB. So, these commands should do the job:

mkdir /path/to/my/keys/
cp my_key /path/to/my/keys/my_key.key
rpm -D '%_keyringpath /path/to/my/keys/' -K my_rpm.rpm

Note again that in this case RPM doesn't try to load keys from the RPM DB, so only the keys provided in %_keyringpath are used.
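A wrapper around the command above, as an added example that is not part of the original post: it refuses an empty key directory and requires a verified signature line, so a package that carries only digests is not accepted as signed. The function names and sample text are constructed here, and the `rpm -Kv` line format (`... Signature, key ID <id>: OK`, `NOKEY` and so on) is an assumption about the installed rpm version.

```shell
# Added example, not from the original post. Sample text below is constructed.
SAMPLE_SIGNED='pkg.rpm:
    Header V4 RSA/SHA256 Signature, key ID 0123abcd: OK
    Header SHA256 digest: OK
    Payload SHA256 digest: OK'
SAMPLE_UNSIGNED='pkg.rpm:
    Header SHA256 digest: OK
    Payload SHA256 digest: OK'
SAMPLE_NOKEY='pkg.rpm:
    Header V4 RSA/SHA256 Signature, key ID 0123abcd: NOKEY
    Header SHA256 digest: OK'

# Read `rpm -Kv` output on stdin and print one verdict:
#   signed-ok   at least one signature line verified and none failed
#   unsigned    only digest lines, i.e. nothing was checked against a key
#   sig-failed  a signature line ended in something other than OK
classify_rpm_kv() {
    awk '
        /Signature, key ID/ {
            if ($NF == "OK") ok++
            else bad++
        }
        END {
            if (bad)     print "sig-failed"
            else if (ok) print "signed-ok"
            else         print "unsigned"
        }'
}

# verify_rpm_with_keys KEYDIR RPM
# Returns 0 only if RPM carries a signature that verifies against KEYDIR/*.key.
verify_rpm_with_keys() {
    keydir=$1
    pkg=$2
    # Fail closed on an empty key directory: per the post, rpm falls back to
    # the RPM DB keyring when nothing is loaded from %_keyringpath.
    set -- "$keydir"/*.key
    [ -e "$1" ] || { echo "no *.key files in $keydir" >&2; return 2; }
    out=$(LC_ALL=C rpm -D "%_keyringpath $keydir" -Kv "$pkg" 2>&1) || true
    verdict=$(printf '%s\n' "$out" | classify_rpm_kv)
    [ "$verdict" = signed-ok ] || { echo "$pkg: $verdict" >&2; return 1; }
}
```

Call it as `verify_rpm_with_keys /path/to/my/keys my_rpm.rpm` and gate on the exit status.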



eSyr/blog (last edited 2017-07-21 17:53:53 by eSyr)