- Keyring operations (adding/viewing/removing keys and verifying
packages against a given keyring) are different from main rpm operations
in that they only need access to the rpm keyring, and no write access
anywhere else in the system. At the moment the rpm keyring happens
to be the rpmdb but that's just an implementation detail that is
likely to change sooner or later. Besides paving way to separating
the rpm keyring from the rpmdb, splitting this to a small, separate
utility allows limiting its required access from SELinux POV etc.
- For now, this only implements what's already in rpm: --import and
--checksig, remaining operations like listing and manipulating
keyring contents is left as an exercise for another day...
Panu Matilainen