RPM AFAIK contains PGP signature verification code which seems to
be able to even handle the PEM/Base64 variants. So, I'm wondering
whether it would be even possible to implement the "gnupg(<path>) [=
<fingerprint>]" *WITHOUT* an external gpg(1).
The background for this is that especially with the latest GnuPG 2.x
the dependencies to install gpg(1) increased dramatically. This means
that in a self-contained environment like OpenPKG one would be able to
check "gnupg(...)" dependencies only after one has built about a dozen
packages -- this renders "gnupg(...)" mostly useless for us in practice.
But all I'm seeking is to be able to check the PGP signature on a file
quickly (no external program forks) and self-contained (no external
dependencies). So, as RPM already ships with BeeCrypt based PGP
verification functionality, would it be *EASILY* possible to use this
already existing functionality?
Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com
Received on Fri Dec 28 15:49:09 2007