Bug 476201

Summary: rpm ignores %_gpgbin in contradiction to the manpage
Product: [Fedora] Fedora Reporter: Till Maas <opensource>
Component: rpmAssignee: Panu Matilainen <pmatilai>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 10CC: ffesti, jnovy, pmatilai
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 4.6.0-1.fc10 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-08 13:08:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Till Maas 2008-12-12 13:08:27 UTC 
Description of problem:

From the manpage (substituted foo with example):

|        For example, to be able to use GPG to sign packages as the user "John | Doe <jdoe>" from the key rings located in /etc/rpm/.gpg using 
| the  executable
|       /usr/bin/gpg you would include
|
|       %_signature gpg
|       %_gpg_path /etc/rpm/.gpg
|       %_gpg_name John Doe <jdoe>
|       %_gpgbin /usr/bin/gpg

But changing %_gpgbin has no effect.

Version-Release number of selected component (if applicable):
rpm-4.6.0-0.rc1.8

How reproducible:
always

Steps to Reproduce:
1. change %_gpgbin in ~/.rpmmacros to /bin/false
  
Actual results:
gpg can still sign rpms

Expected results:
it should fail

Additional info:
In case you wonder, why I would like to change the executable: I wanted to pass  --force-v3-sigs --digest-algo=sha1 to gpg when using --addsign and the only possble way to do this seems to use a wrapper for gpg and specifying this to rpm, but of course using the __gpg macro. But I guess this macro is not intended for this and may break other stuff.
Comment 1 Panu Matilainen 2008-12-12 13:33:42 UTC 
Use %__gpg to override the gpg path instead - and yes the man page is severely out of date wrt that.
Comment 2 Panu Matilainen 2008-12-12 13:40:25 UTC 
...but ok, to use particular options for signing, you'll be better off customizing %__gpg_sign_cmd, %__gpg is indeed only intended to be the path to the gpg executable.
Comment 3 Panu Matilainen 2009-01-08 13:08:04 UTC 
Manpage updated upstream, Fedora will get it once updated to 4.6.0 final (not worth it to track separately for Fedora).
Comment 4 Fedora Update System 2009-02-24 20:51:58 UTC 
rpm-4.6.0-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.