This file is indexed.

/usr/lib/rpm/tgpg is in rpm 4.12.0.2+dfsg1-2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/bin/sh


for pkg in $*
do
    if [ "$pkg" = "" -o ! -e "$pkg" ]; then
	echo "no package supplied" 1>&2
	exit 1
    fi

    plaintext=`mktemp ${TMPDIR:-/tmp}/tgpg-$$.XXXXXX`
    detached=`mktemp ${TMPDIR:-/tmp}/tgpg-$$.XXXXXX`

# --- Extract detached signature
    rpm -qp -vv --qf '%{siggpg:armor}' $pkg > $detached

# --- Figger the offset of header+payload in the package
    leadsize=96
    o=`expr $leadsize + 8`

    set `od -j $o -N 8 -t u1 $pkg`
    il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
    dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`

    sigsize=`expr 8 + 16 \* $il + $dl`
    o=`expr $o + $sigsize + \( 8 - \( $sigsize \% 8 \) \) \% 8`

# --- Extract header+payload
    dd if=$pkg ibs=$o skip=1 2>/dev/null > $plaintext

# --- Verify DSA signature using gpg
    gpg --batch -vv --debug 0xfc02 --verify $detached $plaintext

# --- Clean up
    rm -f $detached $plaintext
done