Red Hat Bugzilla – Bug 128771
RFE: Drop asking for password when cached password available from gpg-agent
Last modified: 2015-06-12 04:15:15 EDT
Description of problem:
It would be nice to have signature.c not force entering a password
to GPG sign a package. This would allow a packager to group GPG
operations alongside RPM building. An unportable way I can think
of is to check the environment variable GPG_AGENT_INFO to detect if
gpg-agent is working. I'm not sure how much this would affect
trying to sign with PGP or other systems.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. rpm --addsign pkg1.rpm pkg2.rpm
2. md5sum *.rpm > md5sum
3. gpg --use-agent --clearsign md5sum
Actual Results: Password needs to be inputted 2 times.
Expected Results: Password only needs to be inputted 1 time.
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
This is an RFE, not a bug report. Sorry I didn't see this earlier. Basically
it's just saying to allow for the agent to transfer the password information to
rpm which helps in scripting scenarios.
*** Bug 171877 has been marked as a duplicate of this bug. ***
One can already extract either the header SHA1 or the header+payload MD5 digest with a query for
later signing with DSA/RSA using gpg to produce a detached signature (as in your reproducer).
The major design issue is that header and header+payload blobs are sections, not entire, files.
Teaching rpm about gpg-agent is unlikely to ever be implemented because of the complexity
of establishing how and when a batch oriented (i.e. no interaction with user) builder/installer
like rpm is permitted to fire up a gpg agent to have a dialogue with the user.
I plan on using keyutils to achieve the same separation as gpg agent if/when I get around to
User email@example.com's account has been closed
Reassigning to owner after bugzilla made a mess, sorry about the noise...
*** Bug 681695 has been marked as a duplicate of this bug. ***
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Fixed upstream as 0bce5fcf270711a2e077fba0fb7c5979ea007eb5