Bug 2029 - rpm and pgp 5.0
rpm and pgp 5.0
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: rpm (Show other bugs)
5.2
All Linux
high Severity medium
: ---
: ---
Assigned To: Jeff Johnson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-04-07 04:47 EDT by inoue
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-05-04 12:04:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description inoue 1999-04-07 04:47:57 EDT
I'm not so sure but rpm is probably not able to pgp-sign
with pgp 5.0.
Following message is what I did and got:

----------------------------------------------------------
rpm -vv --resign netatalk-1.4b2+asun2.1.3-3.i386.rpm
Enter pass phrase:
PGP is now invoked from different executables for different
operations:

pgpe    Encrypt (including Encrypt/Sign)
pgps    Sign
pgpv    Verify/Decrypt
pgpk    Key management
pgpo    PGP 2.6.2 command-line simulator (not yet
implemented)

See each application's respective man page or the general
PGP documentation
for more information.
Pass phrase check failed
----------------------------------------------------------

I think this means rpm runs 'pgp' not 'pgps'...
(I introduced pgp-5.0i-1.i386.rpm from http://www.pgpi.com/.
Comment 1 Jeff Johnson 1999-04-07 14:08:59 EDT
PGP 5.0 has been added to rpm-3.0, but there is yet to be
a single signed package distributed with PGP 5.0.

For backward compatibility with older rpm's without support for
PGP 5.0, you should probably sign packages with pgp-2.6.3 from
ftp.replay.com. That's what we use to sign packages at Red Hat ...

Meanwhile, thanks for the bug report.
Comment 2 Jeff Johnson 1999-05-04 12:04:59 EDT
I believe this problem occurs when both pgp2.6.3 and pgp5 are
installed. In that case, pgp5 rather than pgp2.6.3 was preferred.
I've modified the behavior or rpm to prefer pgp2.6.3 over pgp5 in
rpm-3.0.1-5.

Meanwhile, the original bug report claimed that the wrong executable
would be invoked for pgp5. That is not the case.

Note You need to log in before you can comment on or make changes to this bug.