Red Hat Bugzilla – Bug 2957
rpm-2.5.5 --sign fails with certain PGP pass phrases
Last modified: 2008-05-01 11:37:50 EDT
I found out why I can't get rpm --sign to work. My PGP pass
phrase will not pass through RPM intact. My signature
contains alpha, numbers, and punctuation.
So, I tried different alpha, but the same numbers -- that
Then I tried different alpha, but the same punctuation --
Then I tried the same numbers and punctuation, but no alpha
-- that works.
Then I tried the same alpha, numbers, and punctuation --
never works regardless of order.
Then I tried several different alpha combinations, the
same numbers, and the same punctuation -- never works
regardless of order.
Bottom line: rpm-2.5.5 has a PGP pass phrase bug that
only shows up with certain pass phrases.
Rpm uses getpass(3) to read pass phrases and fprintf(..., "%s\n") to
pipe the pass phrase to pgp. Getpass(3) is used almost everywhere
a password is read on a Unix system (see "man getpass(3)"). Fprintf
does not interpret any alpha, numeric, or punctuation characters
last I checked. I think it unlikely that rpm is at fault here.
Please reopen this bug and supply some pass phrase that fails if
you still believe that rpm is the culprit.
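
A round-trip check of the fprintf(..., "%s\n") hand-off described in the reply above, as an added example (not rpm's code and not part of the original bug report). The function names and sample pass phrases are hypothetical, and the check goes beyond the reported case by covering every printable ASCII character plus the one byte the line framing cannot carry.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: send `pass` down a pipe with fprintf("%s\n") and read
 * it back as the receiving process would, one line at a time.
 * Returns 1 if the bytes arrive unchanged, 0 if they differ, -1 on error. */
int passphrase_survives_pipe(const char *pass)
{
    int fds[2];
    char buf[512];

    if (strlen(pass) + 2 > sizeof buf || pipe(fds) != 0)
        return -1;

    FILE *out = fdopen(fds[1], "w");
    if (out == NULL) { close(fds[0]); close(fds[1]); return -1; }
    fprintf(out, "%s\n", pass);   /* pass is an argument, never the format */
    fclose(out);                  /* flush and close the write end */

    FILE *in = fdopen(fds[0], "r");
    if (in == NULL) { close(fds[0]); return -1; }
    char *got = fgets(buf, sizeof buf, in);
    fclose(in);
    if (got == NULL)
        return -1;

    buf[strcspn(buf, "\n")] = '\0';   /* the newline is framing, not data */
    return strcmp(buf, pass) == 0;
}

/* Every printable ASCII character (0x20..0x7e) in one pass phrase. */
int all_printable_ascii_survive(void)
{
    char pass[96];
    for (int c = 0x20; c <= 0x7e; c++)
        pass[c - 0x20] = (char)c;
    pass[0x7f - 0x20] = '\0';
    return passphrase_survives_pipe(pass);
}

int main(void)
{
    /* Constructed sample pass phrases, not taken from the bug report. */
    printf("mixed:     %d\n", passphrase_survives_pipe("aB3%s!x9;q\\n$"));
    printf("printable: %d\n", all_printable_ascii_survive());
    printf("newline:   %d\n", passphrase_survives_pipe("ab\ncd"));
    return 0;
}
```

Only the pass phrase with an embedded newline comes back altered, because the receiving side stops at the first line terminator.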