Description of problem:
Running "rpmbuild ... --sign" is no longer returning a non-zero exit code if the entered pass phrase is wrong.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Grab and install any SRPM.
2. Attempt to build it normally, be sure to include the '--sign' option.
3. Enter an incorrect pass phrase.
rpm-build aborts (as it should) complaining about the wrong pass phrase, but the exit code is 0, incorrectly indicating success.
If the pass phrase is bad, the exit code should not be zero.
This bug was filed under the rpm package instead of rpm-build as would be correct because BZ didn't offer rpm-build as a component.
rpm-build-4.8.1-5.fc14.x86_64 works as expected. Regression must have occurred since then.
Yup... --sign with rpmbuild is deprecated in rpm >= 4.9.0 and implemented with a --pipe hack instead of being built-in as it used to be for minimal backwards compatibility. You're better off using rpmsign directly on the produced packages.
That said, upstream now reflects --pipe command failures in the main exit code(s), taking care of a whole class of similar potential issues, including this particular case. Thanks for the report.
Thanks for the feedback and doing what you can. I was aware of rpmsign, but not aware that --sign was deprecated. I've preferred to stick with --sign as it only requires me to enter my key's passphrase once and both RPM and SRPM get signed whereas rpmsign would have me enter the passphrase once per package.
Oh, you can any number of rpms to rpmsign at once (that's what rpmbuild --sign does behind the scenes now). But of course it does require *some* extra work to figure a suitable glob or such.
rpmsign is working much better for me now that I have it integrated into my build scripts appropriately. I also get the bonus of not having to enter the passphrase for failed builds this way. Better all around. I see no reason to keep this report open.