Bug 533614 - RFE: Auto-detect key to use from keyring based on long keyid of signature issuer
Status: CONFIRMED
Alias: None
Product: Gentoo Hosted Projects
Classification: Unclassified
Component: gentoo-keys
Hardware: All Linux
Importance: Normal enhancement
Assignee: Gentoo-keys project
Reported: 2014-12-26 17:53 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2015-01-07 05:55 UTC
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-12-26 17:53:02 UTC
When verifying a file we want the signature key to be auto-detected and limited to the keyrings we specify, for example:

$ gpg --status-fd 0 gentoo-devs.seeds.sig 

gpg: assuming signed data in 'gentoo-devs.seeds'
gpg: Signature made Thu 25 Dec 2014 09:52:35 PM CET using RSA key ID 151C3FC7
[GNUPG:] ERRSIG A41DBBD9151C3FC7 1 10 00 1419540755 9
[GNUPG:] NO_PUBKEY A41DBBD9151C3FC7
gpg: Can't check signature: No public key

^^ Here we have an indication that the long keyID used to issue the signature is A41DBBD9151C3FC7. 

It would be nice if we can re-use this to verify that it belongs to the gentoo category as

$ gkeys verify -C gentoo -f A41DBBD9151C3FC7 \
> -F /var/lib/gentoo/gkeys/seeds/gentoo-devs.seeds \
> -s /var/lib/gentoo/gkeys/seeds/gentoo-devs.seeds.sig

 Gkey task results:
     Failed to find nick: None in gentoo category

instead of 
$ gkeys verify -C gentoo -n gkeys -F /var/lib/gentoo/gkeys/seeds/gentoo-devs.seeds -s /var/lib/gentoo/gkeys/seeds/gentoo-devs.seeds.sig
 Gkey task results:
     Verification succeeded.: /var/lib/gentoo/gkeys/seeds/gentoo-devs.seeds
     Key info...............: Gentoo-Linux Gentoo-keys Project Signing Key <gkeys>, 0x825533CBF6CD6C97

As we might not know which of the release keys are used. This would also be extendable to gentoo-devs keyring if not found in release keyring.
Comment 1 Brian Dolbec (RETIRED) gentoo-dev 2015-01-07 05:55:05 UTC
An auto-search is done automatically (after initial trial fails) to locate the correct keyring to use to verify with.

I will search all available keyring categories until the matching keyid is found.

Only thing missing as far as I'm concerned is a switch to turn off auto-search.
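
The lookup discussed in the description and in comment 1, as an added Python example that is not gkeys code: it reads the issuer's long key ID from `--status-fd` output and searches keyring categories in order. The names `issuer_keyid`, `find_key`, the `auto_search` switch and the seed layout are assumptions, and the fingerprints are constructed placeholders.

```python
import re

# GnuPG status lines whose first argument is the signing key's ID.
_KEYID_LINE = re.compile(
    r"^\[GNUPG:\] (ERRSIG|NO_PUBKEY|GOODSIG|BADSIG) ([0-9A-Fa-f]{16,40})\b")

def issuer_keyid(status_output):
    """Return the issuer's long key ID, or None if absent or inconsistent."""
    found = set()
    for line in status_output.splitlines():
        m = _KEYID_LINE.match(line.strip())
        if m:
            found.add(m.group(2).upper()[-16:])
    return found.pop() if len(found) == 1 else None

def find_key(keyid, seeds, categories, auto_search=True):
    """Search categories in order; return (category, nick, fingerprint) or None.

    seeds maps category -> {nick: [fingerprints of primary key and subkeys]}.
    auto_search=False (hypothetical switch) restricts the search to categories[0].
    """
    for category in (categories if auto_search else categories[:1]):
        hits = [(category, nick, fpr)
                for nick, fprs in seeds.get(category, {}).items()
                for fpr in fprs if fpr.upper().endswith(keyid)]
        if len(hits) > 1:
            # A 64-bit ID can collide; never pick one candidate silently.
            raise ValueError("ambiguous key ID %s in %s" % (keyid, category))
        if hits:
            return hits[0]
    return None

# Status output copied from the bug description.
SAMPLE_STATUS = """\
gpg: assuming signed data in 'gentoo-devs.seeds'
[GNUPG:] ERRSIG A41DBBD9151C3FC7 1 10 00 1419540755 9
[GNUPG:] NO_PUBKEY A41DBBD9151C3FC7
gpg: Can't check signature: No public key
"""

# Constructed seed data: zero-padded placeholder fingerprints, not real ones.
# Assumes the issuer ID is a signing subkey listed under the gkeys nick.
SAMPLE_SEEDS = {
    "gentoo-devs": {"somedev": ["0" * 24 + "1111111111111111"]},
    "gentoo": {"gkeys": ["0" * 24 + "825533CBF6CD6C97",
                         "0" * 24 + "A41DBBD9151C3FC7"]},
}
```

The match only selects which keyring to try; the signature still has to be verified by gpg against that keyring, with the result checked against the full fingerprint.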