Mark wrote: >> I don't personally see the problem with manually signing though. I >> build packages in mock under a build account setup specifically for >> packaging. Once the packages are built, I sign them from my normal >> user account (e.g.: rpm --addsign ~build/mock/<package>/*.rpm). > > well.. signing a few packages by hand isn't a problem at all. but > signing about 50 packages is. You only have to enter your password once per signing operation. So you can do your builds and then sign them all at once -- you'll only be prompted for the passphrase once. If you incorporate this into a script you can sign all of the packages in your build tree and then move them to a yum repo and then run createrepo to update the metadata. If you're building a lot of packages (enough that signing them individually at build time is a pain), then that's how I'd proceed. > And removing the password completely seems like a good possibility. > i wish rpmbuild (or rpm) was allowing something like this: > rpmbuild -ba --sign="the key" my_rpm.spec > or > rpmbuild -ba --sign --passphrase "the key" my_rpm.spec I'd be happy if I could use gpg-agent to unlock the keys. I don't think it is, but it's been a long time since I looked at it. Things may have changed since then (either in rpm or in my ability to bend it to my wishes). -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe. -- Albert Einstein (1879-1955)
Attachment:
pgpCFn8TVDcOn.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list