Bug 2029

Summary: rpm and pgp 5.0
Product: [Retired] Red Hat Linux Reporter: inoue
Component: rpmAssignee: Jeff Johnson <jbj>
Severity: medium Docs Contact:
Priority: high    
Version: 5.2   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-05-04 16:04:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description inoue 1999-04-07 08:47:57 UTC
I'm not so sure but rpm is probably not able to pgp-sign
with pgp 5.0.
Following message is what I did and got:

rpm -vv --resign netatalk-1.4b2+asun2.1.3-3.i386.rpm
Enter pass phrase:
PGP is now invoked from different executables for different

pgpe    Encrypt (including Encrypt/Sign)
pgps    Sign
pgpv    Verify/Decrypt
pgpk    Key management
pgpo    PGP 2.6.2 command-line simulator (not yet

See each application's respective man page or the general
PGP documentation
for more information.
Pass phrase check failed

I think this means rpm runs 'pgp' not 'pgps'...
(I introduced pgp-5.0i-1.i386.rpm from http://www.pgpi.com/.

Comment 1 Jeff Johnson 1999-04-07 18:08:59 UTC
PGP 5.0 has been added to rpm-3.0, but there is yet to be
a single signed package distributed with PGP 5.0.

For backward compatibility with older rpm's without support for
PGP 5.0, you should probably sign packages with pgp-2.6.3 from
ftp.replay.com. That's what we use to sign packages at Red Hat ...

Meanwhile, thanks for the bug report.

Comment 2 Jeff Johnson 1999-05-04 16:04:59 UTC
I believe this problem occurs when both pgp2.6.3 and pgp5 are
installed. In that case, pgp5 rather than pgp2.6.3 was preferred.
I've modified the behavior or rpm to prefer pgp2.6.3 over pgp5 in

Meanwhile, the original bug report claimed that the wrong executable
would be invoked for pgp5. That is not the case.