Red Hat Bugzilla – Bug 476201
rpm ignores %_gpgbin in contradiction to the manpage
Last modified: 2009-02-24 15:52:32 EST
Description of problem:
From the manpage (substituted foo with example):
| For example, to be able to use GPG to sign packages as the user "John | Doe <email@example.com>" from the key rings located in /etc/rpm/.gpg using
| the executable
| /usr/bin/gpg you would include
| %_signature gpg
| %_gpg_path /etc/rpm/.gpg
| %_gpg_name John Doe <firstname.lastname@example.org>
| %_gpgbin /usr/bin/gpg
But changing %_gpgbin has no effect.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. change %_gpgbin in ~/.rpmmacros to /bin/false
gpg can still sign rpms
it should fail
In case you wonder, why I would like to change the executable: I wanted to pass --force-v3-sigs --digest-algo=sha1 to gpg when using --addsign and the only possble way to do this seems to use a wrapper for gpg and specifying this to rpm, but of course using the __gpg macro. But I guess this macro is not intended for this and may break other stuff.
Use %__gpg to override the gpg path instead - and yes the man page is severely out of date wrt that.
...but ok, to use particular options for signing, you'll be better off customizing %__gpg_sign_cmd, %__gpg is indeed only intended to be the path to the gpg executable.
Manpage updated upstream, Fedora will get it once updated to 4.6.0 final (not worth it to track separately for Fedora).
rpm-4.6.0-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.