views:

14

answers:

1

As displayed by rpm -qi package?

I don't really want to parse the output of rpm -qi. I'd much rather use rpm -q --qf, of which I can control the format and is not subjected to a future version's aesthetic whims.

But the only useful tag I can find in the man page is SIGPGP, which gets me the entire signature, not only the short key id. See the difference:

$ rpm -qi coreutils
Name        : coreutils                    Relocations: (not relocatable)
Version     : 8.4                               Vendor: Fedora Project
Release     : 8.fc13                        Build Date: Tue 20 Jul 2010 05:21:15 AM BRT
Install Date: Tue 03 Aug 2010 01:58:53 PM BRT      Build Host: x86-17.phx2.fedoraproject.org
Group       : System Environment/Base       Source RPM: coreutils-8.4-8.fc13.src.rpm
Size        : 12659257                         License: GPLv3+
Signature   : RSA/SHA256, Tue 20 Jul 2010 03:14:09 PM BRT, Key ID 7edc6ad6e8e40fde
Packager    : Fedora Project
URL         : http://www.gnu.org/software/coreutils/
Summary     : A set of basic GNU tools commonly used in shell scripts
Description :
These are the GNU core utilities.  This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.

$ rpm -q --qf '%{NAME}\t%{VERSION}\t%{RELEASE}\t%{ARCH}\t%{EPOCH}\t%{SIGPGP}\n' coreutils
coreutils       8.4     8.fc13  i686    (none)  8902150305004c45e7717edc6ad6e8e40fde010824c50fff6af998d5b67a663e6c165bbb3ff888afbe0961b7a60bab3d9a1605b271bbfaccc2eda4bc121e7bc8300efa0208100eb0961c021db2f0be52d422d21c0906a3252df125454fd4886af63574ed729c1370f583c0d46e4a97ee007b72966d965eed1891aaacf296ba31cb44fb46a20c5b39031b79c4eff66948aa3e79090a5f1ce969d3319ebbd47ff38ef382c64c1d59ba5c4d40b3d31a02620bd26005910ca98b7115ac24a30c2198f194bebb2347041ea094be23f5af2e6bb397736e8aff0dd95b4ebd2301ce00663180bbcf214559c72bc74a902102cdb2485b60c78e90c07ed76ecc78d44fd2ec710eb59937e513a37383b5f79a9a1a3996b614a8c1dc81eb8bd468b24aeceac378ee2da659978b5ebe7ab8b52ddb9342e45b2aa5d7b46c40904b57fd6e5ecf26e651c0dce46edb65ef54d26b73fbe99ac5757648c2e509e00887bb1373d30202a30e978407d9db3426d1f468ed4f88f3b379b14ac74b98167860fa36adc0768d6f33958e17c08a896f5aadcb6b70ce2c104454ab4d5b2e6166de465905d8aac14d5257324d50d78e9dc0b3836adc0817eacf5cd026e53330afefe24c6ad549d29b46f9bef544abfa4a87c66fc64c5281b453f72b3c6e660098c856d18031abb725792788ca6061603046170bfdfffb7772ee55299a2f92c996cd140470dba1b99f3c8e5e4a4f7c159fd0fae3fd1854335615e577fb5d05f5
+1  A: 

Any reason you can't clip the relevant portion of SIGPGP with cut? I strongly suspect it's located at the same offset in every rpm header, but you should probably check RPMs from multiple sources just to be sure.

Chris
Now that you mention, it IS there! But is this valid for every possible key type, at the same offset?
JCCyC
Some RPMs have SIGPGP, others have SIGGPG. The offset for one seems to be 20 and for the other 36, respectively. Or maybe the difference is because one is RSA/SHA256 and the other is DSA/SHA1.
JCCyC