Bug 50518 - rpm --resign broken
rpm --resign broken
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: rpm (Show other bugs)
7.3
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Jeff Johnson
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-07-31 15:59 EDT by Gerald Teschl
Modified: 2007-04-18 12:35 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-07-31 16:49:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Gerald Teschl 2001-07-31 15:59:18 EDT
[root@soliton autoupdate]# rpm --resign autoupdate-3.1.1-1.noarch.rpm; echo
$?
autoupdate-3.1.1-1.noarch.rpm:
0
[root@soliton autoupdate]# rpm -K autoupdate-3.1.1-1.noarch.rpm
autoupdate-3.1.1-1.noarch.rpm: md5 OK
[root@soliton autoupdate]# rpm -q rpm
rpm-4.0.3-0.79

It doesn't even ask for my pass pharase.
Comment 1 Jeff Johnson 2001-07-31 16:26:57 EDT
I'm able to use --addsign, --resign and -K without problem in
rpm-4.0.3-0.83.
Comment 2 Gerald Teschl 2001-07-31 16:49:01 EDT
Sorry, my mistake: frogot to set %_signature
However, I still have a few remarks:

(1) Why dont it spit out a usefull error message!
(2) Why is the macro not set to gpg by default!?
(3) It only works if I set the %_gpg_name to the key id and
not if I set it to the email or to the full name!?
(4) Why is it necessary to set all these macros in the first place!?
gpg uses the first key found by default and most users will have only one.
Moreover, I can set the default key in the gpg options. So there is
ABSOLUTELY no reason why I should have to configure rpm in order to sign
packages!

This would have saved me 30 minutes and probably it will do so for others as
well. I hate if I have to read 5 manuals to get things working which could have
worked out of the box.
Comment 3 Jeff Johnson 2001-07-31 21:06:21 EDT
1) Because there's a whole class of configuration problems that cannot be
detected.
2) Because there are pgp and pgp5 helper binaries as well and it's not
possible to set the default to gpg.
3) Because that's the argument passed to the gnupg helper binary.
4) For well known historical reasons, digital signatures could not
be included in exportable executables.

FWIW, the digital signatures for rpm are gonna change, and soon,
by implementing DSA for verification directly in rpm. All but the
El Gamal on top of the SHA1 digest are already in place ...

Note You need to log in before you can comment on or make changes to this bug.