Red Hat Bugzilla – Bug 2957
rpm-2.5.5 --sign fails with certain PGP pass phrases
Last modified: 2008-05-01 11:37:50 EDT
I found out why I can't get rpm --sign to work. My PGP pass phrase will not pass through RPM intact. My signature contains alpha, numbers, and punctuation. So, I tried different alpha, but the same numbers -- that works. Then I tried different alpha, but the same punctuation -- that works. Then I tried the same numbers and punctuation, but no alpha -- that works. Then I tried the same alpha, numbers, and punctuation -- never works regardless of order. Then I tried the several different alpha combinations, the same numbers, and the same punctuation -- never works regardless of order. Bottom line: rpm-2.5.5 has a PGP pass phrase bug that only shows up with certain pass phrases.
Rpm uses getpass(3) to read pass phrases and fprintf(..., "%s\n") to pipe the pass phrase to pgp. Getpass(3) is used almost everywhere a password is read on a unix system (see "man getpass(3)"). Fprintf does not interpret any alpha, numeric, or punctuation characters last I checked. I think it unlikely that rpm is at fault here. Please reopen this bug and supply some pass phrase that fails if you still believe that rpm is the culprit.