gnupg 2.1 vs rpmsign
Dimitri John Ledkov
dimitri.j.ledkov at intel.com
Mon Nov 24 11:04:23 CET 2014
It appears that rpmsign does not co-operate well enough with gnupg.
Reading the rpm source code, it forks, creates file-descriptors, wraps
the gnupg exec call in those file-descriptors and hopes to pass the
passphrase via "--passphrase-fd 3", and that fails.

However, if I perform any other gpg operation with a private key (e.g.
sign an arbitrary file) then gpg-agent is spawned and the pinentry
passphrase is stored; subsequent calls to gpgsign then succeed even if
a bogus passphrase is passed to rpmsign/gpg --passphrase-fd.

What should rpmsign be doing instead? (Because it looks like the
--passphrase-fd option is no longer supported by gpg 2.1.)

E.g. should it use gpg-preset-passphrase --passphrase STRING and then
invoke the gpg command?
Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.
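
The descriptor hand-off described in the message above (fork, pipe, passphrase on fd 3, exec), as an added example that is not part of the original post and is not rpm's own code. The helper name `run_with_passphrase_fd` is hypothetical, and a constructed `sh` command stands in for gpg so the example runs without a keyring; it also covers the case of a child that never reads the descriptor.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PASS_FD 3 /* the descriptor named by "--passphrase-fd 3" */

/* Hypothetical helper: run argv with `pass` readable on fd 3.
 * Returns the child's exit status, or -1 on failure. */
int run_with_passphrase_fd(char *const argv[], const char *pass)
{
    int pfd[2], status;
    if (pipe(pfd) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(pfd[0]);
        close(pfd[1]);
        return -1;
    }
    if (pid == 0) {                 /* child: becomes the signing program */
        close(pfd[1]);              /* keep only the read end */
        if (pfd[0] != PASS_FD) {    /* pipe() may already have returned fd 3 */
            if (dup2(pfd[0], PASS_FD) < 0)
                _exit(127);
            close(pfd[0]);
        }
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed */
    }
    close(pfd[0]);
    /* A child that never reads fd 3 must not kill us with SIGPIPE. */
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);
    ssize_t n = write(pfd[1], pass, strlen(pass));
    if (n >= 0)
        n = write(pfd[1], "\n", 1);
    close(pfd[1]);                  /* EOF tells the reader we are done */
    signal(SIGPIPE, old);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed stand-in for gpg: succeeds only if fd 3 yields "s3cret". */
    char *cmd[] = {"sh", "-c", "read p <&3; [ \"$p\" = s3cret ]", NULL};
    printf("exit status: %d\n", run_with_passphrase_fd(cmd, "s3cret"));
    return 0;
}
```

Passing the passphrase over an inherited descriptor keeps it out of the child's argument list and environment, which other local processes may be able to inspect.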