Andrew Jorgensen
It's better than bad, it's good!

RPM Formatting Names

The RPM query format option (--queryformat or --qf) is extremely useful for gathering detailed information about a system, but the documentation is lacking. I needed to look at what key was used to sign packages, but the SIGPGP query tag is printed as a huge hexadecimal number by default. It turns out there's a way to get it to format in a more useful way, using formatting names. Formatting options are mentioned in the documentation, and some examples, but there's no list of what formatting names are available outside the source code.

From lib/formats.c

// Copyright (c) 1998 by Red Hat Software, Inc.
// SPDX-License-Identifier: LGPL-2.0-only
static const struct headerFormatFunc_s rpmHeaderFormats[] = {
    { RPMTD_FORMAT_STRING,      "string",       stringFormat },
    { RPMTD_FORMAT_ARMOR,       "armor",        armorFormat },
    { RPMTD_FORMAT_BASE64,      "base64",       base64Format },
    { RPMTD_FORMAT_PGPSIG,      "pgpsig",       pgpsigFormat },
    { RPMTD_FORMAT_DEPFLAGS,    "depflags",     depflagsFormat },
    { RPMTD_FORMAT_DEPTYPE,     "deptype",      deptypeFormat },
    { RPMTD_FORMAT_FFLAGS,      "fflags",       fflagsFormat },
    { RPMTD_FORMAT_PERMS,       "perms",        permsFormat },
    { RPMTD_FORMAT_PERMS,       "permissions",  permsFormat },
    { RPMTD_FORMAT_TRIGGERTYPE, "triggertype",  triggertypeFormat },
    { RPMTD_FORMAT_XML,         "xml",          xmlFormat },
    { RPMTD_FORMAT_OCTAL,       "octal",        octalFormat },
    { RPMTD_FORMAT_HEX,         "hex",          hexFormat },
    { RPMTD_FORMAT_DATE,        "date",         dateFormat },
    { RPMTD_FORMAT_DAY,         "day",          dayFormat },
    { RPMTD_FORMAT_SHESCAPE,    "shescape",     shescapeFormat },
    { RPMTD_FORMAT_ARRAYSIZE,   "arraysize",    arraysizeFormat },
    { RPMTD_FORMAT_FSTATE,      "fstate",       fstateFormat },
    { RPMTD_FORMAT_VFLAGS,      "vflags",       vflagsFormat },
    { RPMTD_FORMAT_EXPAND,      "expand",       expandFormat },
    { RPMTD_FORMAT_FSTATUS,     "fstatus",      fstatusFormat },
    { -1,                       NULL,           NULL }
};

So how do you use this? Where you've got %{SIGPGP} in your query format string, use %{SIGPGP:pgpsig} instead. You'll notice that there's even a handy shescape formatting name to make your output shell-safe, and a date name for formatting dates. The expand formatting name calls the rpmExpand() function, which could be handy for something.

If your goal is to discover which of your accepted public keys a package was signed with, you want to match the Version portion of the gpg-pubkey to the last 8 hex digits of the formatted signature on the package.

[root@penguin /]# rpm -qi gpg-pubkey
Name        : gpg-pubkey
Version     : 9570ff31
Release     : 5e3006fb
Architecture: (none)
Install Date: Sat Mar  6 19:58:35 2021
Group       : Public Keys
Size        : 0
License     : pubkey
Signature   : (none)
Source RPM  : (none)
Build Date  : Tue Jan 28 10:03:39 2020
Build Host  : localhost
Packager    : Fedora (33) <fedora-33-primary@fedoraproject.org>
Summary     : Fedora (33) <fedora-33-primary@fedoraproject.org> public key
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.16.0 (NSS-3)

mQINBF4wBvsBEADQmcGbVUbDRUoXADReRmOOEMeydHghtKC9uRs9YNpGYZIB+bie
bGYZmflQayfh/wEpO2W/IZfGpHPL42V7SbyvqMjwNls/fnXsCtf4LRofNK8Qd9fN
kYargc9R7BEz/mwXKMiRQVx+DzkmqGWy2gq4iD0/mCyf5FdJCE40fOWoIGJXaOI1
Tz1vWqKwLS5T0dfmi9U4Tp/XsKOZGvN8oi5h0KmqFk7LEZr1MXarhi2Va86sgxsF
QcZEKfu5tgD0r00vXzikoSjn3qA5JW5FW07F1pGP4bF5f9J3CZbQyOjTSWMmmfTm
2d2BURWzaDiJN9twY2yjzkoOMuPdXXvovg7KxLcQerKT+FbKbq8DySJX2rnOA77k
UG4c9BGf/L1uBkAT8dpHLk6Uf5BfmypxUkydSWT1xfTDnw1MqxO0MsLlAHOR3J7c
oW9kLcOLuCQn1hBEwfZv7VSWBkGXSmKfp0LLIxAFgRtv+Dh+rcMMRdJgKr1V3FU+
rZ1+ZAfYiBpQJFPjv70vx+rGEgS801D3PJxBZUEy4Ic4ZYaKNhK9x9PRQuWcIBuW
6eTe/6lKWZeyxCumLLdiS75mF2oTcBaWeoc3QxrPRV15eDKeYJMbhnUai/7lSrhs
EWCkKR1RivgF4slYmtNE5ZPGZ/d61zjwn2xi4xNJVs8q9WRPMpHp0vCyMwARAQAB
tDFGZWRvcmEgKDMzKSA8ZmVkb3JhLTMzLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
cmc+iQI4BBMBAgAiBQJeMAb7AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
CRBJ/XdJlXD/MZm2D/9kriL43vd3+0DNMeA82n2v9mSR2PQqKny39xNlYPyy/1yZ
P/KXoa4NYSCA971LSd7lv4n/h5bEKgGHxZfttfOzOnWMVSSTfjRyM/df/NNzTUEV
7ORA5GW18g8PEtS7uRxVBf3cLvWu5q+8jmqES5HqTAdGVcuIFQeBXFN8Gy1Jinuz
AH8rJSdkUeZ0cehWbERq80BWM9dhad5dW+/+Gv0foFBvP15viwhWqajr8V0B8es+
2/tHI0k86FAujV5i0rrXl5UOoLilO57QQNDZH/qW9GsHwVI+2yecLstpUNLq+EZC
GqTZCYoxYRpl0gAMbDLztSL/8Bc0tJrCRG3tavJotFYlgUK60XnXlQzRkh9rgsfT
EXbQifWdQMMogzjCJr0hzJ+V1d0iozdUxB2ZEgTjukOvatkB77DY1FPZRkSFIQs+
fdcjazDIBLIxwJu5QwvTNW8lOLnJ46g4sf1WJoUdNTbR0BaC7HHj1inVWi0p7IuN
66EPGzJOSjLK+vW+J0ncPDEgLCV74RF/0nR5fVTdrmiopPrzFuguHf9S9gYI3Zun
Yl8FJUu4kRO6JPPTicUXWX+8XZmE94aK14RCJL23nOSi8T1eW8JLW43dCBRO8QUE
Aso1t2pypm/1zZexJdOV8yGME3g5l2W6PLgpz58DBECgqc/kda+VWgEAp7rO2A==
=EPL3
-----END PGP PUBLIC KEY BLOCK-----

[root@penguin /]# rpm -q --qf '%{NAME}\t%{SIGPGP:pgpsig}\n' rpm
rpm     RSA/SHA256, Thu Jan  7 12:37:46 2021, Key ID 49fd77499570ff31

In the example above, the Version 9570ff31 matches the last 8 hex digits of the Key ID for the rpm package (49fd77499570ff31).