Bug 2957

Summary: rpm-2.5.5 --sign fails with certain PGP pass phrases
Product: [Retired] Red Hat Linux
Reporter: kevinc
Component: rpm
Assignee: David Lawrence <dkl>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: 5.1
CC: kevinc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 1999-05-22 12:45:08 UTC

Description kevinc 1999-05-21 19:46:28 UTC
I found out why I can't get rpm --sign to work.  My PGP pass
phrase will not pass through RPM intact.  My signature
contains alpha, numbers, and punctuation.

So, I tried different alpha, but the same numbers -- that
works.

Then I tried different alpha, but the same punctuation --
that works.

Then I tried the same numbers and punctuation, but no alpha
-- that works.

Then I tried the same alpha, numbers, and punctuation --
never works regardless of order.

Then I tried several different alpha combinations, the
same numbers, and the same punctuation -- never works
regardless of order.

Bottom line: rpm-2.5.5 has a PGP pass phrase bug that
only shows up with certain pass phrases.

Comment 1 Jeff Johnson 1999-05-22 12:45:59 UTC
Rpm uses getpass(3) to read pass phrases and fprintf(..., "%s\n") to
pipe the pass phrase to pgp. Getpass(3) is used almost everywhere
a password is read on a unix system (see "man getpass(3)"). Fprintf
does not interpret any alpha, numeric, or punctuation characters
last I checked. I think it unlikely that rpm is at fault here.

Please reopen this bug and supply some pass phrase that fails if
you still believe that rpm is the culprit.