gnupg 2.1 vs rpmsign

Dimitri John Ledkov dimitri.j.ledkov at intel.com
Mon Nov 24 11:04:23 CET 2014


It appears that rpmsign does not co-operate well enough with gnupg.

Reading the rpm source code, it forks, creates file-descriptors, wraps
the gnupg exec call in those file-descriptors and hopes to pass the
passphrase via "--passphrase-fd 3", and that fails.

However, if I perform any other gpg operation with a private key (e.g.
sign an arbitrary file) then gpg-agent is spawned and pinentry
passphrase is stored, then subsequent calls to gpgsign succeed even if
a bogus passphrase is passed to rpmsign/gpg --passphrase-fd.

What should rpmsign be doing instead? (because it looks like the
--passphrase-fd option is no longer supported by gpg 2.1)

E.g. should it use gpg-preset-passphrase --passphrase STRING and then
invoke gpg command?

-- 
Regards,

Dimitri.

Intel Corporation (UK) Ltd. - Co. Reg. #1134945 - Pipers Way, Swindon SN3 1RJ.


