Signatures are stored in a tag in a package header. So one retrieves a tag from 
a header, and then parses out the keyid from the OpenPGP format.

The harder issue is that there are up to 4 (or perhaps more) possible tags 
where signatures might be stored, and that even a signature with a keyid may 
not (or cannot, in the case of header+payload signatures) be verified.

You can find the 4 tags that may have to be examined by looking at the 
--queryformat string used by rpm --info (which displays the keyid) stored in 
/usr/lib/rpm. Doing a --queryformat is likely the most efficient extraction of 
a keyid when writing scripts, through bindings, or even writing C code.

Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/240#issuecomment-310361245
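The "parse the keyid out of the OpenPGP format" step from the message above, as an added example that is not code from the post or from rpm. It assumes the raw bytes of one signature tag have already been read from the package header; the function names and the sample packet are constructed for illustration.

```python
def varlen(buf, i):  # 1-, 2- or 5-octet length at buf[i] -> (length, next index)
    n = buf[i]
    if n < 192:
        return n, i + 1
    if n < 255:
        return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packet_body(data):
    """Return (tag, body) of the first OpenPGP packet (RFC 4880, section 4.2)."""
    hdr = data[0]
    if not hdr & 0x80 or (hdr & 0x40 and 224 <= data[1] < 255) or hdr & 0x43 == 3:
        raise ValueError("not a packet, or partial/indeterminate length")
    if hdr & 0x40:                       # new-format header
        tag, (length, off) = hdr & 0x3F, varlen(data, 1)
    else:                                # old format: 1, 2 or 4 length octets
        tag, off = (hdr >> 2) & 0x0F, 1 + (1 << (hdr & 0x03))
        length = int.from_bytes(data[1:off], "big")
    if off + length > len(data):
        raise ValueError("truncated packet")
    return tag, data[off:off + length]

def subpackets(area):
    """Yield (type, payload) per signature subpacket (RFC 4880, section 5.2.3.1)."""
    i = 0
    while i < len(area):
        n, i = varlen(area, i)
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + n]   # mask the critical bit
        i += n

def signature_keyid(data):
    """Return the issuer key ID (hex) of a v3/v4 signature packet, or None."""
    tag, body = packet_body(data)
    if tag != 2 or len(body) < 15 or body[0] not in (3, 4):
        raise ValueError("not a v3/v4 signature packet")
    if body[0] == 3:                     # v3: key ID sits at a fixed offset
        return body[7:15].hex()
    pos = 4                              # v4: skip version, type, pubkey alg, hash alg
    for _ in range(2):                   # hashed area, then unhashed area
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        for typ, payload in subpackets(body[pos + 2:end]):
            if typ == 16 and len(payload) == 8:   # issuer key ID subpacket
                return payload.hex()
        pos = end
    return None

# Constructed v4 sample packet (dummy signature value, not a real signature)
V4_SIG = bytes.fromhex("881d0400010800060502594a3c00000a09100123456789abcdefabcd0008ff")
```

The returned key ID only names the key the signature claims to come from; nothing here verifies the signature.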