Using gpg with rpm

James H. Cloos Jr. cloos at jhcloos.com
Tue Dec 29 15:18:45 CET 1998


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Rat" == Stainless Steel Rat <ratinox at peorth.gweep.net> writes:

Rat> rpm uses whatever version of PGP is available.  One should be
Rat> able to use any version of PGP that groks PGP 2.6.x command line
Rat> arguments, which means GPG should be an easy drop-in replacement.
Rat> Red Hat RPMs have RSA signatures because of the version of PGP
Rat> they use.

(My comments are based on the current cvs src for rpm, if it makes any
difference.)

gpg does not support, in my tests, the options rpm uses when it calls
pgp.  +myname, +batchmode, +verbose, +armor and -f must be translated;
getenv("PGPPASSFD") must be translated to --pashphrase-fd.  In the
case of a verify, gpg requires --verify where rpm passes nothing.

While I would prefer to see rpm updated to call gpg directly, and rpm
users to only sign with gpg generated key pairs, we are not there yet;
backward compatability is still necessary.  Especially until RHCN can
handle non RSA keys for sigs.

Making the installation of pgp unnecessary is at least a step in the
right direction.

- -JimC
- --
mJames H. Cloos, Jr.       <http://www.jhcloos.com/cloos/pgp_public_key.txt>
<cloos at jhcloos.com>      E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE2iUcymXqfF+19rqYRAsbRAKCYDrDiyA4sef8qCE+mOl7IeRmccwCeO0wP
WM2ahXgoV2ApjxH0RsVFTjw=
=7Fpg
-----END PGP SIGNATURE-----




More information about the Gnupg-devel mailing list