It appears there are three instances of package signing keys in openSUSE-11.3 i.e.
- YaST2’s Software Repositories settings
- rpm’s idea of installed keys (gpg-pubkey-*)
- Keys installed by the openSUSE-build-key package
Items (1) and (2) appear related although YaST2 and rpm can show differing numbers of keys but item (3) seems to be unrelated to the others.
I know you can use rpm -qi on a specific key and extract the public key for adding to YaST2’s keys or importing into /usr/lib/rpm/gnupg/pubring.gpg but this seems very labour intensive.
Is there a method of automatically forcing consistency between these key sets?