How does openSUSE manage signing keys?


It appears there are three instances of package signing keys in openSUSE-11.3 i.e.

  1. YaST2’s Software Repositories settings
  2. rpm’s idea of installed keys (gpg-pubkey-*)
  3. Keys installed by the openSUSE-build-key package

Items (1) and (2) appear related although YaST2 and rpm can show differing numbers of keys but item (3) seems to be unrelated to the others.

I know you can use rpm -qi on a specific key and extract the public key for adding to YaST2’s keys or importing into /usr/lib/rpm/gnupg/pubring.gpg but this seems very labour intensive.

Is there a method of automatically forcing consistency between these key sets?

Neil Darlow