Bug 2029 - rpm and pgp 5.0
Summary: rpm and pgp 5.0
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rpm
Version: 5.2
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 1999-04-07 08:47 UTC by inoue
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 1999-05-04 16:04:28 UTC

Attachments (Terms of Use)

Description inoue 1999-04-07 08:47:57 UTC
I'm not so sure but rpm is probably not able to pgp-sign
with pgp 5.0.
Following message is what I did and got:

rpm -vv --resign netatalk-1.4b2+asun2.1.3-3.i386.rpm
Enter pass phrase:
PGP is now invoked from different executables for different

pgpe    Encrypt (including Encrypt/Sign)
pgps    Sign
pgpv    Verify/Decrypt
pgpk    Key management
pgpo    PGP 2.6.2 command-line simulator (not yet

See each application's respective man page or the general
PGP documentation
for more information.
Pass phrase check failed

I think this means rpm runs 'pgp' not 'pgps'...
(I introduced pgp-5.0i-1.i386.rpm from http://www.pgpi.com/.

Comment 1 Jeff Johnson 1999-04-07 18:08:59 UTC
PGP 5.0 has been added to rpm-3.0, but there is yet to be
a single signed package distributed with PGP 5.0.

For backward compatibility with older rpm's without support for
PGP 5.0, you should probably sign packages with pgp-2.6.3 from
ftp.replay.com. That's what we use to sign packages at Red Hat ...

Meanwhile, thanks for the bug report.

Comment 2 Jeff Johnson 1999-05-04 16:04:59 UTC
I believe this problem occurs when both pgp2.6.3 and pgp5 are
installed. In that case, pgp5 rather than pgp2.6.3 was preferred.
I've modified the behavior or rpm to prefer pgp2.6.3 over pgp5 in

Meanwhile, the original bug report claimed that the wrong executable
would be invoked for pgp5. That is not the case.

Note You need to log in before you can comment on or make changes to this bug.