Bug 4013 - rpm 3.0.2-60 will no longer verify PGP signatures with pgp5.0
rpm 3.0.2-60 will no longer verify PGP signatures with pgp5.0
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: rpm (Show other bugs)
6.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Johnson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-07-13 00:17 EDT by erbenson
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-08-18 14:04:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description erbenson 1999-07-13 00:17:11 EDT
RPM 3.0-60 would use PGP-5.0i-7 (the ONLY pgp installed) to
verfify PGP signatures on .rpm packages via 'rpm -K
foo-1.0-1.i386.rpm' after upgrading from rpm 3.0 to rpm
3.0.2 using the same command that worked flawlessly on 3.0
will result in the following error text on stdout:

PGP is now invoked from different executables for different
operations:

pgpe    Encrypt (including Encrypt/Sign)
pgps    Sign
pgpv    Verify/Decrypt
pgpk    Key management
pgpo    PGP 2.6.2 command-line simulator (not yet
implemented)

See each application's respective man page or the general
PGP documentation
for more information.

---

I believe the problem lies in the fix reported in CHANGES
for 3.0.1 where RPM will prefer pgp2.6.3 to 5.0.x if both
are installed, I believe that RPM is not properly detecting
the 5.0 version of pgp as being version 5 and attempting to
use it as it would 2.6.x, resulting in the previous error.
Comment 1 Jeff Johnson 1999-08-18 14:04:59 EDT
Fixed in (not yet released) rpm-3.0.3.

Note You need to log in before you can comment on or make changes to this bug.