User story #6756


New Technique to import a GPG Key into RPM

Added by Janos Mattyasovszky about 9 years ago. Updated over 8 years ago.

Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:


On self-signed rpm-md repositories we need to import the own GPG key for it to be accepted.
Currently there is not built in Directive to do this.

Basically one needs to be able to import/verify/remove an ASCII Armored pub key using rpm --import, and it should be ensured that this key is trusted on the System.

See rpm manual:

Digital signatures cannot be verified without a public key.  An ASCII armored public key can be added to the rpm database
using --import. An imported public key is carried in a header, and key ring management is performed exactly like  package
management. For example, all currently imported public keys can be displayed by:

rpm -qa gpg-pubkey*

Details  about  a specific public key, when imported, can be displayed by querying.  Here's information about the Red Hat
GPG/DSA key:

rpm -qi gpg-pubkey-db42a60e

Finally, public keys can be erased after importing just like packages. Here's how to remove the Red Hat GPG/DSA key

rpm -e gpg-pubkey-db42a60e

Subtasks 2 (0 open2 closed)

Bug #8003: update list of technique in maintained techniqueReleasedBenoît PECCATTE2016-02-29Actions
Bug #8011: Technique check repository gpg key doesn't follow the normal orderingReleasedBenoît PECCATTE2016-03-01Actions

Related issues 2 (0 open2 closed)

Related to Rudder - Bug #4876: On SLES, zypper repositories configured by Rudder request a GPG key check at each manual execution of CFEngine agentRejected2014-05-21Actions
Has duplicate Rudder - User story #3371: APT package manager should manage GPG keys for added reposRejected2013-03-22Actions

Also available in: Atom PDF