[Rpm-maint] [rpm-software-management/rpm] EdDSA-signed RPMs signable but not installable (Issue #1877)

Jan Engelhardt notifications at github.com
Mon Jan 3 21:11:12 UTC 2022


I'm on rpm-4.17.0 and gpg2-2.3.4 on openSUSE Tumbleweed.

```
$ gpg --list-keys
pub   ed25519/0xF76EFE5D0C223A8F 2022-01-03 [SC] [expires: 2027-01-02]
      Key fingerprint = BCA0 C5C3 09CA C569 E74A  921C F76E FE5D 0C22 3A8F
$ gpg -a --export 0xF76EFE5D0C223A8F >1.key
# rpm --import 1.key

$ echo "%_gpg_name 0xF76EFE5D0C223A8F" >>~/.rpmmacros
$ rpm --resign xbomb-2.2b-1.24.x86_64.rpm
(any rpm file will do)
Please enter the passphrase...[...]
# rpm -Uhv xbomb-2.2b-1.24.x86_64.rpm
error: xbomb-2.2b-1.24.x86_64.rpm: Header V4 EdDSA/SHA512 Signature, key ID 0c223a8f: BAD
error: xbomb-2.2b-1.24.x86_64.rpm cannot be installed
```

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1877
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/1877 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220103/ac4a8bb4/attachment.html>


More information about the Rpm-maint mailing list