Bug 78657 - RFE: Support for OpenPGP v4 signatures used by SuSE.
Summary: RFE: Support for OpenPGP v4 signatures used by SuSE.
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rpm
Version: 8.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Paul Nasrat
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2002-11-27 05:09 UTC by Ralf Corsepius
Modified: 2007-04-18 16:48 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-06-07 21:29:15 UTC

Attachments (Terms of Use)
strace of rpm query to mplayer package (23.89 KB, patch)
2002-11-27 05:49 UTC, Michael Lee Yohe
no flags Details | Diff

Description Ralf Corsepius 2002-11-27 05:09:59 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Description of problem:
Using rpm --queryformat '%{siggpg:armor}' causes rpm-4.1 to segfault:

# rpm -q -vv --queryformat '%{siggpg:armor}' -p bash-2.05b-5.i386.rpm
D: Expected size:       746649 = lead(96)+sigs(344)+pad(0)+data(746209)
D:   Actual size:       746649
D: opening  db environment /var/lib/rpm/Packages joinenv
D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
D: locked   db index       /var/lib/rpm/Packages
D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
D:  read h#      35 Header sanity check: OK
D: ========== DSA pubkey id 219180cddb42a60e
D: bash-2.05b-5.i386.rpm: V3 DSA signature: OK, key ID db42a60e
Segmentation fault

Version-Release number of selected component (if applicable): rpm-4.1-1.06

How reproducible:

Steps to Reproduce:
See above.


Additional info:

Comment 1 Michael Lee Yohe 2002-11-27 05:48:22 UTC
This is true for only certain types of RPMs.  For instance, on my system - I
built fetchmail 6.1.0-1 from a Red Hat SRPM.  I receive the following:

$ rpm -q -vv --queryformat '%{siggpg:armor}' -p
D: Expected size:       540239 = lead(96)+sigs(180)+pad(4)+data(539959)
D:   Actual size:       540239
D: /usr/src/redhat/RPMS/i686/fetchmail-6.1.0-1.i686.rpm: MD5 digest: OK
(not base64)

However, if I run the query on a third-party RPM:

$ rpm -q -vv --queryformat '%{siggpg:armor}' -p
D: Expected size:       908223 = lead(96)+sigs(248)+pad(0)+data(907879)
D:   Actual size:       908223
warning: only V3 signatures can be verified, skipping V4 signature
Segmentation fault

Yet, IBM's Java runtime environment RPM seems to be okay as well:

$ rpm -q -vv --queryformat '%{siggpg:armor}' -p
D: Expected size:     19038112 = lead(96)+sigs(100)+pad(4)+data(19037912)
D:   Actual size:     19038080
D: /usr/download/IBMJava2-JRE-1.3.1-1.0.i386.rpm: MD5 digest: OK
(not base64)

I checked to see what type of RPM the aforementioned packages were:

$ file /usr/src/redhat/RPMS/i686/fetchmail-6.1.0-1.i686.rpm 
fetchmail-6.1.0-1.i686.rpm: RPM v3 bin i386 fetchmail-6.1.0-1

$ file /usr/download/mplayer-0.90pre8-1.i686.rpm
mplayer-0.90pre8-1.i686.rpm: RPM v3 bin i386 mplayer-0.90pre8-1

$ file /usr/download/IBMJava2-JRE-1.3.1-1.0.i386.rpm 
IBMJava2-JRE-1.3.1-1.0.i386.rpm: RPM v3 bin i386 IBMJava2-JRE-1.3.1-1.0

All RPM v3, right?


... attachment of strace of query on mplayer package next ...

Comment 2 Michael Lee Yohe 2002-11-27 05:49:01 UTC
Created attachment 86664 [details]
strace of rpm query to mplayer package

Comment 3 Jeff Johnson 2002-11-27 20:58:02 UTC
Can you supply a pointer to the package with the
OpenPGP v4 signature packaet? That'll help me get
the segfault fixed pronot. Thanks.

Comment 4 Michael Lee Yohe 2002-11-27 21:34:10 UTC
I think I downloaded mplayer from the main mplayer website.  I'll submit an
attachment later on (don't have it on this workstation).

Comment 5 Jeff Johnson 2002-11-27 21:37:06 UTC
A pointer i(i.e. URL) rather than attachment please, there's
a size limit for bugzilla attachments. And thanks for the help.

Comment 6 Ralf Corsepius 2002-11-27 21:50:01 UTC
Note: My initial report was referring to original RH-8.0 packages.

Wrt: V4 sigs: Any SuSE-8.0/SuSE-8.1 package will do

Comment 7 Jeff Johnson 2002-11-29 14:54:21 UTC
WORKSFORME with rpm-4.2:
bash$ rpm -Kvv ~/TODO/bash-2.05b-47.i586.rpm 
D: Expected size:       629864 = lead(96)+sigs(188)+pad(4)+data(629576)
D:   Actual size:       629832
only V3 signatures can be verified, skipping V4 signature
    MD5 digest: OK (2376c1ed552591501c8216725b1b27be)

The segfault was (my guess) fixed in the "official"
rpm-4.1 release. Try rpm-4.1-9 packages
at ftp://people.redhat.com/test-4.1.

Summary changed to get OpenPGP v4 signatures implemented.

Comment 8 Paul Nasrat 2005-06-07 21:29:15 UTC
Additional patches from Suse for v4 signatures are in rpm HEAD / rpm 4.4.x branch 

I believe it should all be working there.  Closing.  Please file a new bug or
raise discussion on rpm-devel list
https://lists.dulug.duke.edu/mailman/listinfo/rpm-devel if you still have an issue.

Note You need to log in before you can comment on or make changes to this bug.