How can I verify that a PGP key is imported into RPM?

You can double-check whether a key is already imported using rpm -qi gpg-pubkey-<version>-<release>. If it is installed, rpm will give you all the information about it; if not, it'll just exit with a return value of 1, so you could add an unless parameter to your Puppet recipe:

exec { "rpm --import /path/to/package":
  # ...
  unless => "rpm -qi gpg-pubkey-<version>-<release> > /dev/null 2>&1"
}

Every key imported adds an rpmdb entry of gpg-pubkey-<left(hex(fingerprint), 8)>-<encoded import date>. Just check for that name (gpg-pubkey) and the appropriate version (the first 8 characters of the key fingerprint in hex) in the rpmdb.


If you just want to verify that the key is imported (without programmatically processing this information) you can list all keys like this:

rpm -qi gpg-pubkey-\* | grep -E ^Packager

or for the ids:

rpm -qi gpg-pubkey-\* | grep -E "^Version  "

This may seem quite obvious to many but I suppose for some it is a more direct answer to (at least the headline of) the question.
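The following is an added example, not code from any of the answers above. It pulls together the two approaches in this thread: the "is this one key present" check that the Puppet unless parameter needs, and the "list what is imported" query built on rpm -qi gpg-pubkey-\*. The two parsing functions read rpm -qi text from stdin, so they can be run against the constructed sample below on a machine without rpm; rpm_key_imported runs rpm itself. The key IDs and packager strings in the sample are placeholders, not real keys.

```shell
# Constructed sample of what "rpm -qi gpg-pubkey-\*" prints with two keys
# imported. IDs, release values and packager strings are made up.
SAMPLE_RPMQI='Name        : gpg-pubkey
Version     : 0123abcd
Release     : 5f3e2a10
Architecture: (none)
Packager    : Example Vendor (signing key) <security@example.com>
Name        : gpg-pubkey
Version     : feedf00d
Release     : 60a1b2c3
Architecture: (none)
Packager    : Example Project <release@example.org>'

# Print the 8-hex-digit key IDs (the gpg-pubkey "Version" field), one per line.
# Reads rpm -qi output from stdin.
imported_key_ids() {
    sed -n 's/^Version *: *\([0-9a-fA-F]\{8\}\).*/\1/p'
}

# Print "<keyid> <packager>" pairs so a reader can see who owns each key.
# Reads rpm -qi output from stdin; the Version line precedes Packager in rpm -qi.
imported_key_owners() {
    awk -F': *' '/^Version/ {id=$2} /^Packager/ {print id " " $2}'
}

# Exit 0 if key ID $1 is among the IDs in the rpm -qi text on stdin, 1 otherwise.
# Case-folded so "0123ABCD" and "0123abcd" compare equal.
key_id_in_list() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    imported_key_ids | tr 'A-Z' 'a-z' | grep -qx "$want"
}

# Live check against the real rpmdb, suitable as a Puppet "unless" command:
# rpm -q exits 0 when gpg-pubkey-<keyid> is installed and 1 when it is not.
# Returns 2 when rpm is not installed so a caller can tell "absent" from "cannot tell".
rpm_key_imported() {
    command -v rpm >/dev/null 2>&1 || return 2
    rpm -q "gpg-pubkey-$1" >/dev/null 2>&1
}

# Usage with the constructed sample:
#   printf '%s\n' "$SAMPLE_RPMQI" | imported_key_owners
#   printf '%s\n' "$SAMPLE_RPMQI" | key_id_in_list 0123abcd && echo imported
# Usage against the real rpmdb (key ID is a placeholder):
#   rpm_key_imported 0123abcd && echo imported
```

Presence in the rpmdb only shows that someone imported a key with that ID; before relying on it to verify packages, compare the ID and the Packager field against the fingerprint the vendor publishes out of band.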

Tags: Rpm, Gpg