Looking at the code, it seems: - [`rpmcliImportPubkeys`](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/lib/rpmchecksig.c#L83) - [calls](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/lib/rpmchecksig.c#L99) [`doImport`](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/lib/rpmchecksig.c#L27) - [calls](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/lib/rpmchecksig.c#L55) [`rpmtsImportPubkey`](https://github.com/rpm-software-management/rpm/blob/master/lib/rpmts.c#L603) - [calls](https://github.com/rpm-software-management/rpm/blob/master/lib/rpmts.c#L646) [`rpmKeyringAddKey`](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/rpmio/rpmkeyring.c#L82)
which [checks if the certificate's key id is known, and if so, don't do anything](https://github.com/rpm-software-management/rpm/blob/1bd0f9cd2eb60c30f6076b202942ab8f43c4e41b/rpmio/rpmkeyring.c#L88-L90). OpenPGP certificates are made up of packets. It is possible to add new packets without updating other packets (e.g., a new subkey, a new self signature that extends the certificate's expiration time). So it is not easy to generate a linear version number for an OpenPGP certificate. I think we need to extend rpm's [pgp interface](https://github.com/rpm-software-management/rpm/blob/master/include/rpm/rpmpgp.h) to add a function to merge two versions of a certificate. -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/2577#issuecomment-1646382884 You are receiving this because you are subscribed to this thread. Message ID: <rpm-software-management/rpm/issues/2577/1646382...@github.com>
_______________________________________________ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint