pmatilai left a comment (rpm-software-management/rpm#3652)

So ... nope. The *real* reason for splitting it off the main rpm CLI was stated 
right there in the commit message 🤦 

> Keyring operations (adding/viewing/removing keys and verifying packages 
> against a given keyring) are different from main rpm operations in that they 
> only need access to the rpm keyring, and no write access anywhere else in the 
> system. At the moment the rpm keyring happens to be the rpmdb but that's just 
> an implementation detail that is likely to change sooner or later. Besides 
> paving way to separating the rpm keyring from the rpmdb, splitting this to a 
> small, separate utility allows limiting its required access from SELinux POV 
> etc.

There's a flaw in this split however: rpmkeys requires write access to the 
keyring, and that's something you wouldn't want when verifying the signatures. 
The clue to the right split is right there in the previous sentence: 
*verification*. Verify, and query, don't need write permissions anywhere on the 
system. So that's where the "fault line" and split executable should be. Once 
upon a time there even was such a split but it was so cumbersomely implemented 
by ifdef'ing throughout the main rpm.c code that we merged that part back in.

With this realization, moving this back to the main rpm executable would be a 
mistake, and if we ever do the qv-split, we'd have to move it yet again. Closing.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3652#issuecomment-2750338851