diff -up rpm-4.11.3/lib/rpmchecksig.c.orig rpm-4.11.3/lib/rpmchecksig.c

--- rpm-4.11.3/lib/rpmchecksig.c.orig	2013-11-22 11:31:31.000000000 +0100

+++ rpm-4.11.3/lib/rpmchecksig.c	2017-03-15 18:18:20.688251955 +0100

@@ -242,8 +242,8 @@ static void formatResult(rpmTagVal sigta

     free(msg);

 }

-static int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags,

-			   FD_t fd, const char *fn)

+int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags, FD_t fd,

+                     const char *fn)

 {

     char *buf = NULL;

diff -up rpm-4.11.3/lib/rpmcli.h.orig rpm-4.11.3/lib/rpmcli.h

--- rpm-4.11.3/lib/rpmcli.h.orig	2014-02-05 14:04:02.000000000 +0100

+++ rpm-4.11.3/lib/rpmcli.h	2017-03-15 18:18:20.689251950 +0100

@@ -254,6 +254,17 @@ int showVerifyPackage(QVA_t qva, rpmts t

  */

 int rpmVerifySignatures(QVA_t qva, rpmts ts, FD_t fd, const char * fn);

+/**

+ * Check package and header signatures.

+ * @param keyring	keyring handle

+ * @param flags		flags to control what to verify

+ * @param fd		package file handle

+ * @param fn		package file name

+ * @return		0 on success, 1 on failure

+ */

+int rpmpkgVerifySigs(rpmKeyring keyring, rpmQueryFlags flags, FD_t fd,

+                     const char *fn);

+

 /** \ingroup rpmcli

  * Verify package install.

  * @todo hack: RPMQV_ALL can pass char ** arglist = NULL, not char * arg. Union?

diff -up rpm-4.11.3/python/rpmts-py.c.orig rpm-4.11.3/python/rpmts-py.c

--- rpm-4.11.3/python/rpmts-py.c.orig	2014-02-05 14:04:02.000000000 +0100

+++ rpm-4.11.3/python/rpmts-py.c	2017-03-15 18:18:20.689251950 +0100

@@ -7,6 +7,8 @@

 #include <rpm/rpmpgp.h>

 #include <rpm/rpmdb.h>

 #include <rpm/rpmbuild.h>

+#include <rpm/rpmcli.h>

+#include <rpm/rpmkeyring.h>

 #include "header-py.h"

 #include "rpmds-py.h"	/* XXX for rpmdsNew */

@@ -671,6 +672,24 @@ exit:

     return mio;

 }

+static PyObject *

+rpmts_VerifySigs(rpmtsObject * s, PyObject * args)

+{

+    rpmfdObject *fdo = NULL;

+    char *fn = NULL;

+    rpmQueryFlags flags = (VERIFY_DIGEST|VERIFY_SIGNATURE);

+    int rc = 1;

+

+    if (!PyArg_ParseTuple(args, "O&s|i:VerifySigs", rpmfdFromPyObject, &fdo,

+                          &fn, &flags))

+        return NULL;

+

+    rpmKeyring keyring = rpmtsGetKeyring(s->ts, 1);

+    rc = rpmpkgVerifySigs(keyring, flags, rpmfdGetFd(fdo), fn);

+    rpmKeyringFree(keyring);

+    return PyBool_FromLong(rc == 0);

+}

+

 static struct PyMethodDef rpmts_methods[] = {

  {"addInstall",	(PyCFunction) rpmts_AddInstall,	METH_VARARGS,

 	NULL },

@@ -729,6 +748,14 @@ Remove all elements from the transaction

  {"dbIndex",     (PyCFunction) rpmts_index,	METH_VARARGS|METH_KEYWORDS,

 "ts.dbIndex(TagN) -> ii\n\

 - Create a key iterator for the default transaction rpmdb.\n" },

+ {"_verifySigs",         (PyCFunction) rpmts_VerifySigs, METH_VARARGS,

+  "ts._verifySigs(fdno, fn, [flags]) -- Verify package signature\n\n"

+  "Returns True if it verifies, False otherwise.\n\n"

+  "Args:\n"

+  "  fdno  : file descriptor of the package to verify\n"

+  "  fn    : package file name (just for logging purposes)\n"

+  "  flags : bitfield to control what to verify\n"

+  "          (default is rpm.VERIFY_SIGNATURE | rpm.VERIFY_DIGEST)"},

     {NULL,		NULL}		/* sentinel */

 };