- Signing (and deleting) are different from everything else in rpm
in that it needs very little of rpm's facilities. For example access
to the rpmdb is not needed at all. Splitting this to a separate,
small utility allows various possibilities, like severely limiting
its access from SELinux POV, control of signature generation with
cli arguments (the main rpm executable is already overcrowded with
options). It's also the first step to allow reasonably splitting
rpm signing to a separate package; not everybody needs to sign
packages, yet signing support needs to drag in GPG and whatnot.
- Reimplement / refactor various librpm signature generation helpers
into somewhat saner internal versions.
Panu Matilainen