RPM

Comment 1 for bug 913629

In , BJ (bj-redhat-bugs) wrote :

Description of problem:

When using a DSA GPG key to sign a package in F15, rpmsign exits with code
255 with no other errors/warnings/output. The resulting package is also not
signed at all.

$ cat /etc/redhat-release
Fedora release 15 (Lovelock)

$ rpmsign --version
RPM version 4.9.0

$ gpg --version
gpg (GnuPG) 1.4.11

How reproducible:

Every time

Steps to Reproduce:
1. Create a test GPG key using DSA
2. Add proper macros to ~/.rpmmacros for the key
3. Attempt to sign an rpm package

Actual results:

The package is not signed, no errors are produced, and rpmsign exits with code 255.

Expected results:

The package should be signed.

Additional info:

The following is a full proof of concept.

### GENERATE A TEST KEY

$ gpg --gen-key
# Answers to prompts follow:
#
# Key type (2) DSA and Elgamal
# Key size 2048
# Key is valid for '0' (key does not expire)
# Real name: John Doe
# Email address: <email address hidden>
# Comment: None
#

$ gpg --list-secret-keys
/home/wdierkes/.gnupg/secring.gpg
---------------------------------

sec 2048D/E28D1405 2011-07-05
uid John Doe <email address hidden>
ssb 2048g/10563A7E 2011-07-05

### EXPORTING HERE FOR FUTURE TESTING WITH SAME KEY

$ gpg --armor --export-secret-key E28D1405


$ gpg --armor --export E28D1405


### ADDED GPG NAME TO RPM MACROS FILE

$ cat ~/.rpmmacros
%_signature gpg
%_gpg_name John Doe <email address hidden>

### VERIFY EXISTING SIG OF A TEST PACKAGE

$ rpm -qip fedora-release-15-1.noarch.rpm | grep Signature
Signature : RSA/SHA256, Wed 11 May 2011 03:26:54 AM CDT, Key ID b4ebf579069c8460

### REMOVE EXISTING SIG

$ rpmsign --delsign fedora-release-15-1.noarch.rpm
fedora-release-15-1.noarch.rpm:

$ rpm -qip fedora-release-15-1.noarch.rpm | grep Signature
Signature : (none)

### ADD OUR SIG

$ rpm --addsign fedora-release-15-1.noarch.rpm
Enter pass phrase:
Pass phrase is good.
fedora-release-15-1.noarch.rpm:

### FAIL BOAT - BUT NO ERRORS

$ echo $?
255

$ rpm -qip fedora-release-15-1.noarch.rpm | grep Signature
Signature : (none)
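
The failure reported above is silent, so a build or release script that signs packages has to check both the exit status and the resulting `Signature` line. The following is an added example, not part of the original report or of rpm itself; the function names `sig_keyid` and `sign_and_check` are constructed, and it assumes the `rpm -qip` output format shown in the report.

```shell
#!/bin/sh
# Added example: gate a signing step on the signature actually being present.
# sig_keyid and sign_and_check are constructed names, not rpm commands.

# Read `rpm -qip` output on stdin and print the key ID from its Signature
# line in lowercase. Returns 1 for "Signature : (none)" or no such line.
sig_keyid() {
    awk '
        /^Signature[ \t]*:/ {
            if ($0 !~ /\(none\)/ && split($0, part, "Key ID ") == 2) {
                gsub(/[ \t\r]+$/, "", part[2])
                print tolower(part[2])
                ok = 1
            }
            exit
        }
        END { exit(ok ? 0 : 1) }
    '
}

# Sign one package, then confirm a signature from the expected key exists.
# $1 = package path, $2 = expected key ID (short or long form).
sign_and_check() {
    pkg=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    rc=0
    rpm --addsign "$pkg" || rc=$?
    got=$(rpm -qip "$pkg" 2>/dev/null | sig_keyid) || got=
    if [ "$rc" -ne 0 ] || [ -z "$got" ]; then
        echo "sign failed: exit=$rc signature=${got:-none} file=$pkg" >&2
        return 1
    fi
    case $got in
        *"$want") return 0 ;;   # short ID matches the tail of a long ID
    esac
    echo "unexpected signer $got (wanted $want) file=$pkg" >&2
    return 1
}
```

With the report's package and key this would be called as `sign_and_check fedora-release-15-1.noarch.rpm E28D1405`, and it returns non-zero for the exit-255, `Signature : (none)` outcome shown above.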