Bug 128771 - RFE: Drop asking for password when cached password available from gpg-agent
RFE: Drop asking for password when cached password available from gpg-agent
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Packaging Toolset Team
: FutureFeature
: 171877 681695 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-07-29 07:15 EDT by Jeff Pitman
Modified: 2015-06-12 04:15 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-06-12 04:15:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jeff Pitman 2004-07-29 07:15:59 EDT
From Bugzilla Helper: 
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.2; Linux) (KHTML, 
like Gecko) 
 
Description of problem: 
It would be nice to have signature.c not force entering a password 
to GPG sign a package. This would allow a packager to group GPG 
operations along side RPM building.  An unportable way I can think 
of is to check the environment variable GPG_AGENT_INFO to detect if 
gpg-agent is working.  I'm not sure how much this would effect 
trying to sign with PGP or other systems. 
 
Version-Release number of selected component (if applicable): 
rpm-4.3.1 
 
How reproducible: 
Always 
 
Steps to Reproduce: 
1. rpm --addsign pkg1.rpm pkg2.rpm 
2. md5sum *.rpm > md5sum 
3. gpg --use-agent --clearsign md5sum 
 
Actual Results:  Password needs to be inputted 2 times. 
 
Expected Results:  Password only needs to be inputted 1 times. 
 
Additional info:
Comment 1 Matthew Miller 2005-04-26 11:56:28 EDT
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 2 Jeff Pitman 2005-11-18 19:39:10 EST
This is an RFE, not a bug report. Sorry I didn't see this earlier. Basically
it's just saying to allow for the agent to transfer the password information to
rpm which helps in scripting scenarios.
Comment 3 Paul Nasrat 2005-11-28 17:40:03 EST
*** Bug 171877 has been marked as a duplicate of this bug. ***
Comment 4 Jeff Johnson 2007-04-03 08:09:29 EDT
One can already extract either the header SHA1 or the header+payload MD5 digest with a query for
later signing with DSA/RSA using gpg to produce a detached signature (as in your reproducer).

The major design issue is that header and header+payload blobs are sections, not entire, files.

Teaching rpm about gpg-agent is unlikely to ever be implemented because of the complexity
of establishing how and when a batch oriented (i.e. no interaction with user) builder/installer
like rpm is permitted to fire up a gpg agent to have a dialogue with the user.

I plan on using keyutils to achieve the same separation as gpg agent if/when I get around to 
implementing.
Comment 5 Red Hat Bugzilla 2007-08-21 01:18:31 EDT
User pnasrat@redhat.com's account has been closed
Comment 6 Panu Matilainen 2007-08-22 02:30:55 EDT
Reassigning to owner after bugzilla made a mess, sorry about the noise...
Comment 8 Panu Matilainen 2011-03-09 03:54:54 EST
*** Bug 681695 has been marked as a duplicate of this bug. ***
Comment 9 Fedora Admin XMLRPC Client 2012-04-13 19:11:38 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 10 Fedora Admin XMLRPC Client 2012-04-13 19:13:45 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 11 Ľuboš Kardoš 2015-06-12 04:15:15 EDT
Fixed upstream as 0bce5fcf270711a2e077fba0fb7c5979ea007eb5

Note You need to log in before you can comment on or make changes to this bug.