Bug 476201 - rpm ignores %_gpgbin in contradiction to the manpage
rpm ignores %_gpgbin in contradiction to the manpage
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: rpm (Show other bugs)
10
All Linux
low Severity medium
: ---
: ---
Assigned To: Panu Matilainen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-12 08:08 EST by Till Maas
Modified: 2009-02-24 15:52 EST (History)
3 users (show)

See Also:
Fixed In Version: 4.6.0-1.fc10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-08 08:08:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Till Maas 2008-12-12 08:08:27 EST
Description of problem:

From the manpage (substituted foo with example):

|        For example, to be able to use GPG to sign packages as the user "John | Doe <jdoe@example.com>" from the key rings located in /etc/rpm/.gpg using 
| the  executable
|       /usr/bin/gpg you would include
|
|       %_signature gpg
|       %_gpg_path /etc/rpm/.gpg
|       %_gpg_name John Doe <jdoe@foo.com>
|       %_gpgbin /usr/bin/gpg

But changing %_gpgbin has no effect.

Version-Release number of selected component (if applicable):
rpm-4.6.0-0.rc1.8

How reproducible:
always

Steps to Reproduce:
1. change %_gpgbin in ~/.rpmmacros to /bin/false
  
Actual results:
gpg can still sign rpms

Expected results:
it should fail

Additional info:
In case you wonder, why I would like to change the executable: I wanted to pass  --force-v3-sigs --digest-algo=sha1 to gpg when using --addsign and the only possble way to do this seems to use a wrapper for gpg and specifying this to rpm, but of course using the __gpg macro. But I guess this macro is not intended for this and may break other stuff.
Comment 1 Panu Matilainen 2008-12-12 08:33:42 EST
Use %__gpg to override the gpg path instead - and yes the man page is severely out of date wrt that.
Comment 2 Panu Matilainen 2008-12-12 08:40:25 EST
...but ok, to use particular options for signing, you'll be better off customizing %__gpg_sign_cmd, %__gpg is indeed only intended to be the path to the gpg executable.
Comment 3 Panu Matilainen 2009-01-08 08:08:04 EST
Manpage updated upstream, Fedora will get it once updated to 4.6.0 final (not worth it to track separately for Fedora).
Comment 4 Fedora Update System 2009-02-24 15:51:58 EST
rpm-4.6.0-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.