Script to identify source of RPM

Jon Stanley jonstanley at gmail.com
Sun Jul 19 21:33:26 UTC 2009


I hacked together a quick script this weekend that will identify the
source of an RPM via the signing key.  Obviously it fails to identify
what repo it came from, but it does identify the key used to sign it.
The output can obviously be changed, but what it is now is a list of
each signing key, and the RPM's signed by that key.  Feel free to rip
on my horrible python skills :)

Here it is....

#!/usr/bin/python
import rpm, rpmUtils.miscutils

ts=rpm.TransactionSet()
mi=ts.dbMatch()
pubkeys={}
pubkeys['unknown'] = 'Unknown signing key'

def buildKeyList():
    keys = ts.dbMatch(rpm.RPMTAG_NAME, 'gpg-pubkey')
    for hdr in keys:
        pubkeys[hdr[rpm.RPMTAG_VERSION]]=hdr[rpm.RPMTAG_SUMMARY][4:].rsplit('<',1)[0].rstrip()
def getPkgNevra(hdr):
    if hdr[rpm.RPMTAG_EPOCH]:
        return '%s-%s:%s-%s.%s' % ( hdr[rpm.RPMTAG_NAME], hdr[rpm.RPMTAG_EPOCH],
                hdr[rpm.RPMTAG_VERSION], hdr[rpm.RPMTAG_RELEASE],
                hdr[rpm.RPMTAG_ARCH])
    else:
        return '%s-%s-%s.%s' % ( hdr[rpm.RPMTAG_NAME], hdr[rpm.RPMTAG_VERSION],
                hdr[rpm.RPMTAG_RELEASE], hdr[rpm.RPMTAG_ARCH] )
def getSig(hdr):
    if hdr[rpm.RPMTAG_DSAHEADER]:
        keyid = rpmUtils.miscutils.getSigInfo(hdr)[1][2][16:]
        try:
            return (getPkgNevra(hdr), pubkeys[keyid])
        except KeyError:
            return (getPkgNevra(hdr), pubkeys['unknown'])
    else:
        return (getPkgNevra(hdr), 'unsigned')

if __name__ == '__main__':
    buildKeyList()
    pkgs = {}
    for keyname in pubkeys.itervalues():
        pkgs[keyname] = []
    pkgs['unsigned'] = []
    for hdr in mi:
        if hdr[rpm.RPMTAG_NAME] == 'gpg-pubkey':
            continue
        nevra, key = getSig(hdr)
        pkgs[key].append(nevra)
    for pkg in pkgs.iteritems():
        if pkg[1]:
            print pkg[0]
            print '-' * len(pkg[0])
            for pkginstance in pkg[1]:
                print pkginstance
            print




More information about the epel-devel-list mailing list