|Summary:||rpm-2.5.5 --sign fails with certain PGP pass phrases|
|Product:||[Retired] Red Hat Linux||Reporter:||kevinc|
|Component:||rpm||Assignee:||David Lawrence <dkl>|
|Status:||CLOSED WONTFIX||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||1999-05-22 12:45:08 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description kevinc 1999-05-21 19:46:28 UTC
I found out why I can't get rpm --sign to work. My PGP pass phrase will not pass through RPM intact. My signature contains alpha, numbers, and punctuation. So, I tried different alpha, but the same numbers -- that works. Then I tried different alpha, but the same punctuation -- that works. Then I tried the same numbers and punctuation, but no alpha -- that works. Then I tried the same alpha, numbers, and punctuation -- never works regardless of order. Then I tried the several different alpha combinations, the same numbers, and the same punctuation -- never works regardless of order. Bottom line: rpm-2.5.5 has a PGP pass phrase bug that only shows up with certain pass phrases.
Comment 1 Jeff Johnson 1999-05-22 12:45:59 UTC
Rpm uses getpass(3) to read pass phrases and fprintf(..., "%s\n") to pipe the pass phrase to pgp. Getpass(3) is used almost everywhere a password is read on a unix system (see "man getpass(3)"). Fprintf does not interpret any alpha, numeric, or punctuation characters last I checked. I think it unlikely that rpm is at fault here. Please reopen this bug and supply some pass phrase that fails if you still believe that rpm is the culprit.