When using a DSA GPG key to sign a package in F15, rpmsign exits with code
255 with no other errors/warnings/output. The resulting package is also not
signed at all.
Steps to Reproduce:
1. Create a test GPG key using DSA
2. Add proper macros to ~/.rpmmacros for the key
3. Attempt to sign an rpm package
Actual results:
The package is not signed, no errors are produced, and rpmsign exits with code 255.
Expected results:
The package should be signed.
Additional info:
The following is a full proof of concept.
### GENERATE A TEST KEY
$ gpg --gen-key
# Answers to prompts follow:
#
# Key type (2) DSA and Elgamal
# Key size 2048
# Key is valid for '0' (key does not expire)
# Real name: John Doe
# Email address: <email address hidden>
# Comment: None
#
Description of problem:
When using a DSA GPG key to sign a package in F15, rpmsign exits with code warnings/ output. The resulting package is also not
255 with no other errors/
signed at all.
$ cat /etc/redhat-release
Fedora release 15 (Lovelock)
$ rpmsign --version
RPM version 4.9.0
$ gpg --version
gpg (GnuPG) 1.4.11
How reproducible:
Every time
Steps to Reproduce:
1. Create a test GPG key using DSA
2. Add proper macros to ~/.rpmmacros for the key
3. Attempt to sign an rpm package
Actual results:
The package is not signed, no errors are produced, and rpmsign exits with code 255.
Expected results:
The package should be signed.
Additional info:
The following is a full proof of concept.
### GENERATE A TEST KEY
$ gpg --gen-key
# Answers to prompts follow:
#
# Key type (2) DSA and Elgamal
# Key size 2048
# Key is valid for '0' (key does not expire)
# Real name: John Doe
# Email address: <email address hidden>
# Comment: None
#
$ gpg --list-secret-keys .gnupg/ secring. gpg ------- ------- ------- -----
/home/wdierkes/
-------
sec 2048D/E28D1405 2011-07-05
uid John Doe <email address hidden>
ssb 2048g/10563A7E 2011-07-05
### EXPORTING HERE FOR FUTURE TESTING WITH SAME KEY
$ gpg --armor --export-secret-key E28D1405
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
lQNTBE4ThxsRCAC qx3BgKgS1hl99Zk CPHm65RsEC/ s0WBzxh/ y6h4SRoPVUxXQpp M+9ViX0buZkpL/ 7qWPbyIi3eVY6l2 /7OJCJe1Ej0UNRr Gi4LA ePnNqfeQG8TSdp/ /HmTXip09gtzvG+ 8/nCQ61EOkc7CrA EVt7 LCTBH+fg4Ym15kN UEYfyp0G8C9ywSh Z1b9aLAm5U/ QJk/Y2JC o6A9uFo63x4rE3r 6QxinQNDUca/ IZxJDr/ w31ZUO0f31YwuTU fxt8zOxy 0Gs1pyr9OhSIXfA BfpVwnAQDP7BZxQ kg5lUfpOe84shpq d1xK 7Y+oPcjQf+ OfPrLUD8AEl9Fzm M3oF4T/ S2buwBaBx8Bwi01 m1kzeJn qu5hrzOENkPmmbj vnD4ITJ1jHKnq+ +Wc9S3CVx52mAdG lNgY2 bnU5PyrsHXc2jd1 DmI7sP3Bw8YlGpO ERsWRGEcvOw71cX 4/ld H5iGrrIlESSF2QN 58XDSKXgqBEx6Cq vun5Qdb41WwZZYz 4sMd +JH5ySe+ Ii8orttLwD8hqx/ YGtuCVnGV+ PVrAorAwKva+ Eh9S+9zTX KzuuKQXtz7rbbWQ 0hULwhofBf+ gf8CJou93IhZKfI KPsKRJbb MRSsugeFMZnaiAw SXQVHR4vihlOOjJ 9+f/fUr0uVLuHvr 53xA f+A+ie2GfWqv7gh 3knHKncO/ o9xmppybDeDMuS4 042URfhpuY QjJ8KsEWUI5lswD nPY5BJHP1xcZ2DS 4rHPky+ 6Mwf9wn+ zgNHKUs 9tv69O3dQOkTrgB bVoUH4bQ4AmIeJW pB6dXvHfj7fpycu ARbOOuUSjM6 gAW6ZjyKmOXQMor 00/nl0b/ XOg/kA7F8GWTAtE Lpda8cmT4Sq 8/SmNNNsB7fnU8V IN7P/7Xo9FQBLP9 6k6Emq0G0pvaG4g RG9l wbGUuY29tPoh6BB MRCAAiBQJOE4cbA hsDBgsJCAcDAgYV CAIJ XgAAKCRDiPFAl4o 0UBbrFAQCf8e1DU G5YVDsjDe2FJBNr E5DE bOuqZCxTwD9FfgT LiQjxJ4+ drzXxp3jyq3B8Ho YB4R0EQpNsSRg6b Od rSwjzJns/ ULjQATaMQ+ lBOzhhny6aC+ e5vwanRz6EUNgOh 6ac AwXH9XVnq4isJVt EvxxVH6lgyb/ 7FxcHUV/ rnNBejxA8PdZxrV 1IZIzT62cJ1CVq/ GNNQEGCXX2G6u7k sHnPdMQKDHtdU1/ TN1MmR9I+ /o uBARfx8Lc0h1Gg0 ncF1gkCx4oo4BHq fM9Zc1a4a5lrzeg 9lDf 8vbGmy8e8yQ9J8k SCxT7wFb74MXsT5 KhtERD29EH4ukL9 2nGb DKLJ00v24NrsBcN /ywEMAAwUIALNj1 kCsPhak8JWjWk12 sGvx aTWXmlkL1NIMA1/ aYiETixLu8S1ODK Uvp78DiAClpOJlV FWgO HsDTvlA4JLg9nAh ug6xUVHobRfyQ6G 4VHvvWirI5rW4f4 DFHW UceQhMCpj/ 8Ez7i1h7K+ /LN4089ZzWr5eUO LmZ5uHAh8bYlVg 41pIDPn/ zwYFvNtdhmkafLB Z8TVyOoq+ mKLj8WpotEzfBqR xZ fAlLlavQNiyMLgM q4kLynMqK9fLx0Z XJ5UsNCGkhUg6Ws yfMA DOqdWJegBNXHPyy WY3kTymNwxq7WoO SOzw1iGg8N7Y+ jhwiR1oFnSI HGwIbDAAKCRDiPF Al4o0UBbRJAQCPd luWuJYEEzCvsFxg TlqX u6EsRWAD/ VN8TCNDC48NXImb y628JPp1S9o6smr pKBV4BXCal
bUbgAnjYxZxY2HY
CLmAgTX6gmGLZEd
H/hOX5Z5wEzFjtw
Y8ejtD+
oMdcsoqsp6doere
LG8m3UEUL/
6b5uLDbLc3BYDbU
fOpbE29DmwyYd6p
e92XtOdVaKjuo2c
z2kvkzNC0/
SFLNIZP0pC8uwom
GAj6/3fmjritxSI
wWUICkmu9ITf3x/
Np3HYs4gxFp/
6zjxOQ5+
y1ouBfNeeDxufwz
jwAA/3DSMtUCQ0G
IDxqZG9lQGV4YW1
CgsEFgIDAQIeAQI
AVYtv7VT+
Aj0EThOHGxAIAM+
8fuZ78HG1Zqmy+
WqwV9fA/
F4buc3EjJpPGGo+
u9vJ3jN8PfwhNUZ
xyHTmhHA3s11j47
836GkA6N35UeFRQ
47pfi8liYiQufbS
RwYN2QUjpI2zRn9
/6q2SkZbgzWcysU
NFl9hb6pv8OSSee
AVMGjeRVC/
YQQYEQgACQUCThO
zJhf+fCQg5LM7Yi
7K4=
=5rZa
-----END PGP PRIVATE KEY BLOCK-----
$ gpg --armor --export E28D1405
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
mQMuBE4ThxsRCAC qx3BgKgS1hl99Zk CPHm65RsEC/ s0WBzxh/ y6h4SRoPVUxXQpp M+9ViX0buZkpL/ 7qWPbyIi3eVY6l2 /7OJCJe1Ej0UNRr Gi4LA ePnNqfeQG8TSdp/ /HmTXip09gtzvG+ 8/nCQ61EOkc7CrA EVt7 LCTBH+fg4Ym15kN UEYfyp0G8C9ywSh Z1b9aLAm5U/ QJk/Y2JC o6A9uFo63x4rE3r 6QxinQNDUca/ IZxJDr/ w31ZUO0f31YwuTU fxt8zOxy 0Gs1pyr9OhSIXfA BfpVwnAQDP7BZxQ kg5lUfpOe84shpq d1xK 7Y+oPcjQf+ OfPrLUD8AEl9Fzm M3oF4T/ S2buwBaBx8Bwi01 m1kzeJn qu5hrzOENkPmmbj vnD4ITJ1jHKnq+ +Wc9S3CVx52mAdG lNgY2 bnU5PyrsHXc2jd1 DmI7sP3Bw8YlGpO ERsWRGEcvOw71cX 4/ld H5iGrrIlESSF2QN 58XDSKXgqBEx6Cq vun5Qdb41WwZZYz 4sMd +JH5ySe+ Ii8orttLwD8hqx/ YGtuCVnGV+ PVrAorAwKva+ Eh9S+9zTX KzuuKQXtz7rbbWQ 0hULwhofBf+ gf8CJou93IhZKfI KPsKRJbb MRSsugeFMZnaiAw SXQVHR4vihlOOjJ 9+f/fUr0uVLuHvr 53xA f+A+ie2GfWqv7gh 3knHKncO/ o9xmppybDeDMuS4 042URfhpuY QjJ8KsEWUI5lswD nPY5BJHP1xcZ2DS 4rHPky+ 6Mwf9wn+ zgNHKUs 9tv69O3dQOkTrgB bVoUH4bQ4AmIeJW pB6dXvHfj7fpycu ARbOOuUSjM6 gAW6ZjyKmOXQMor 00/nl0b/ XOg/kA7F8GWTAtE Lpda8cmT4Sq gPGpkb2VAZXhhbX BsZS5jb20+ iHoEExEIACIFAk4 ThxsCGwMG KCwQWAgMBAh4BAh eAAAoJEOI8UCXij RQFusUBAJ/ x7UNQblhU BVi2/tVP5s66pkL FPAP0V+ BMuJCPEnj52vNfG nePKrcHwehgH CDQROE4cbEAgAz6 tLCPMmez9QuNABN oxD6UE7OGGfLpoL 57m/ x+5nvwcbVmqbL4D Bcf1dWeriKwlW0S /HFUfqWDJv/ sXFwdRX+ arBX18D/ UhkjNPrZwnUJWr8 Y01AQYJdfYbq7uS wec90xAoMe1 gXhu5zcSMmk8Yaj 64EBF/HwtzSHUaD SdwXWCQLHiijgEe p8z1l 728neM3w9/ CE1Rny9sabLx7zJ D0nyRILFPvAVvvg xexPkqG0R HIdOaEcDezXWPjs MosnTS/ bg2uwFw3/ LAQwADBQgAs2PWQ Kw+ HzfoaQDo3flR4VF BpNZeaWQvU0gwDX 9piIROLEu7xLU4M pS+nv jul+LyWJiJC59tI ewNO+UDgkuD2cCG 6DrFRUehtF/ JDobhUe+ gMUdZHBg3ZBSOkj bNGf1Rx5CEwKmP/ wTPuLWHsr78s3jT z1nNavl5Q /qrZKRluDNZzKxT jWkgM+f/ PBgW8212GaRp8sF nxNXI6ir6Yo 0WX2Fvqm/ w5JJ558CUuVq9A2 LIwuAyriQvKcyor 18vHRlcnlS hBBgRCAAJBQJOE4 cbAhsMAAoJEOI8U CXijRQFtEkBAJJN TGkY bIUd/uBHqF6We9y 8qqMFfAQCzIB6xK iFqfVuMvLZl22vv E+dF X4A==
bUbgAnjYxZxY2HY
CLmAgTX6gmGLZEd
H/hOX5Z5wEzFjtw
Y8ejtD+
oMdcsoqsp6doere
LG8m3UEUL/
6b5uLDbLc3BYDbU
fOpbE29DmwyYd6p
e92XtOdVaKjuo2c
z2kvkzNC0/
SFLNIZP0pC8uwom
GAj6/3fmjritxSI
wWUICkmu9ITf3x/
Np3HYs4gxFp/
6zjxOQ5+
y1ouBfNeeDxufwz
j7QbSm9obiBEb2U
CwkIBwMCBhUIAgk
OyMN7YUkE2sTkMQ
hHQRCk2xJGDps7k
BqdHPoRQ2A6Hppz
uc0F6PEDw91nGtV
1TX9M3UyZH0j7+
zVrhrmWvN6D2UN+
EPb0Qfi6Qv3acZv
FqTwlaNaTXawa/
wOIAKWk4mVUVaA7
9aKsjmtbh/
4uZnm4cCHxtiVWD
uPxami0TN8GpHFk
w0IaSFSDpazJ84h
UAcxZR3r9u2ZzVh
wfXOq4bPj1rUlfT
=vc09
-----END PGP PUBLIC KEY BLOCK-----
### ADDED GPG NAME TO RPM MACROS FILE
$ cat ~/.rpmmacros
%_signature gpg
%_gpg_name John Doe <email address hidden>
### VERIFY EXISTING SIG OF A TEST PACKAGE
$ rpm -qip fedora- release- 15-1.noarch. rpm | grep Signature
Signature : RSA/SHA256, Wed 11 May 2011 03:26:54 AM CDT, Key ID b4ebf579069c8460
### REMOVE EXISTING SIG
$ rpmsign --delsign fedora- release- 15-1.noarch. rpm release- 15-1.noarch. rpm:
fedora-
$ rpm -qip fedora- release- 15-1.noarch. rpm | grep Signature
Signature : (none)
### ADD OUR SIG
$ rpm --addsign fedora- release- 15-1.noarch. rpm release- 15-1.noarch. rpm:
Enter pass phrase:
Pass phrase is good.
fedora-
### FAIL BOAT - BUT NO ERRORS
$ echo $?
255
$ rpm -qip fedora- release- 15-1.noarch. rpm | grep Signature
Signature : (none)