Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 78657 - RFE: Support for OpenPGP v4 signatures used by SuSE.
Summary: RFE: Support for OpenPGP v4 signatures used by SuSE.
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rpm
Version: 8.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Paul Nasrat
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-11-27 05:09 UTC by Ralf Corsepius
Modified: 2007-04-18 16:48 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-07 21:29:15 UTC


Attachments (Terms of Use)
strace of rpm query to mplayer package (deleted)
2002-11-27 05:49 UTC, Michael Lee Yohe
no flags Details | Diff

Description Ralf Corsepius 2002-11-27 05:09:59 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
Using rpm --queryformat '%{siggpg:armor}' causes rpm-4.1 to segfault:

# rpm -q -vv --queryformat '%{siggpg:armor}' -p bash-2.05b-5.i386.rpm
D: Expected size:       746649 = lead(96)+sigs(344)+pad(0)+data(746209)
D:   Actual size:       746649
D: opening  db environment /var/lib/rpm/Packages joinenv
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D:  read h#      35 Header sanity check: OK
D: ========== DSA pubkey id 219180cddb42a60e
D: bash-2.05b-5.i386.rpm: V3 DSA signature: OK, key ID db42a60e
Segmentation fault


Version-Release number of selected component (if applicable): rpm-4.1-1.06

How reproducible:
Always

Steps to Reproduce:
See above.

	

Additional info:

Comment 1 Michael Lee Yohe 2002-11-27 05:48:22 UTC
This is true for only certain types of RPMs.  For instance, on my system - I
built fetchmail 6.1.0-1 from a Red Hat SRPM.  I receive the following:

$ rpm -q -vv --queryformat '%{siggpg:armor}' -p
/usr/src/redhat/RPMS/i686/fetchmail-6.1.0-1.i686.rpm 
D: Expected size:       540239 = lead(96)+sigs(180)+pad(4)+data(539959)
D:   Actual size:       540239
D: /usr/src/redhat/RPMS/i686/fetchmail-6.1.0-1.i686.rpm: MD5 digest: OK
(e3e1fc770d75b7fe642c13975fe0b62b)
(not base64)

However, if I run the query on a third-party RPM:

$ rpm -q -vv --queryformat '%{siggpg:armor}' -p
/usr/download/mplayer-0.90pre8-1.i686.rpm 
D: Expected size:       908223 = lead(96)+sigs(248)+pad(0)+data(907879)
D:   Actual size:       908223
warning: only V3 signatures can be verified, skipping V4 signature
Segmentation fault

Yet, IBM's Java runtime environment RPM seems to be okay as well:

$ rpm -q -vv --queryformat '%{siggpg:armor}' -p
/usr/download/IBMJava2-JRE-1.3.1-1.0.i386.rpm 
D: Expected size:     19038112 = lead(96)+sigs(100)+pad(4)+data(19037912)
D:   Actual size:     19038080
D: /usr/download/IBMJava2-JRE-1.3.1-1.0.i386.rpm: MD5 digest: OK
(ecd5caf5547eb1ae166b15c3cae65629)
(not base64)

I checked to see what type of RPM the aforementioned packages were:

$ file /usr/src/redhat/RPMS/i686/fetchmail-6.1.0-1.i686.rpm 
fetchmail-6.1.0-1.i686.rpm: RPM v3 bin i386 fetchmail-6.1.0-1

$ file /usr/download/mplayer-0.90pre8-1.i686.rpm
mplayer-0.90pre8-1.i686.rpm: RPM v3 bin i386 mplayer-0.90pre8-1

$ file /usr/download/IBMJava2-JRE-1.3.1-1.0.i386.rpm 
IBMJava2-JRE-1.3.1-1.0.i386.rpm: RPM v3 bin i386 IBMJava2-JRE-1.3.1-1.0

All RPM v3, right?

So...

... attachment of strace of query on mplayer package next ...

Comment 2 Michael Lee Yohe 2002-11-27 05:49:01 UTC
Created attachment 86664 [details]
strace of rpm query to mplayer package

Comment 3 Jeff Johnson 2002-11-27 20:58:02 UTC
Can you supply a pointer to the package with the
OpenPGP v4 signature packaet? That'll help me get
the segfault fixed pronot. Thanks.

Comment 4 Michael Lee Yohe 2002-11-27 21:34:10 UTC
I think I downloaded mplayer from the main mplayer website.  I'll submit an
attachment later on (don't have it on this workstation).

Comment 5 Jeff Johnson 2002-11-27 21:37:06 UTC
A pointer i(i.e. URL) rather than attachment please, there's
a size limit for bugzilla attachments. And thanks for the help.

Comment 6 Ralf Corsepius 2002-11-27 21:50:01 UTC
Note: My initial report was referring to original RH-8.0 packages.

Wrt: V4 sigs: Any SuSE-8.0/SuSE-8.1 package will do
ftp://ftp.suse.com/pub/suse/i386/8.1/suse


Comment 7 Jeff Johnson 2002-11-29 14:54:21 UTC
WORKSFORME with rpm-4.2:
bash$ rpm -Kvv ~/TODO/bash-2.05b-47.i586.rpm 
D: Expected size:       629864 = lead(96)+sigs(188)+pad(4)+data(629576)
D:   Actual size:       629832
only V3 signatures can be verified, skipping V4 signature
/home/devel/jbj/TODO/bash-2.05b-47.i586.rpm:
    MD5 digest: OK (2376c1ed552591501c8216725b1b27be)

The segfault was (my guess) fixed in the "official"
rpm-4.1 release. Try rpm-4.1-9 packages
at ftp://people.redhat.com/test-4.1.

Summary changed to get OpenPGP v4 signatures implemented.

Comment 8 Paul Nasrat 2005-06-07 21:29:15 UTC
Additional patches from Suse for v4 signatures are in rpm HEAD / rpm 4.4.x branch 

I believe it should all be working there.  Closing.  Please file a new bug or
raise discussion on rpm-devel list
https://lists.dulug.duke.edu/mailman/listinfo/rpm-devel if you still have an issue.


Note You need to log in before you can comment on or make changes to this bug.