On Mon, Aug 27, 2007 at 10:17:17PM +0200, Mark wrote: > > I don't personally see the problem with manually signing though. I > > build packages in mock under a build account setup specifically for > > packaging. Once the packages are built, I sign them from my normal > > user account (e.g.: rpm --addsign ~build/mock/<package>/*.rpm). > > well.. signing a few packages by hand isn't a problem at all. > but signing about 50 packages is. I find the following only requires entering the pass phrase once: find $(rpm --eval "%{_topdir}") -iname 'Linu*rpm' -exec rpm --addsign {} + If you want to sign them all in one swell foop, that should do it. You will probably want to modify the argument to -iname. > > And removing the password completely seems like a good possibility. > i wish rpmbuild (or rpm) was allowing something like this: > rpmbuild -ba --sign="the key" my_rpm.spec > or > rpmbuild -ba --sign --passphrase "the key" my_rpm.spec > > Just the option for that would be gread. Unfortunately, that has security implications. The passphrase would be in the script. Also, when the script ran, the passphrase would be in memory and another user could see it with a suitable application of ps and other tools. -- Charles Curley /"\ ASCII Ribbon Campaign Looking for fine software \ / Respect for open standards and/or writing? X No HTML/RTF in email http://www.charlescurley.com / \ No M$ Word docs in email Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
Attachment:
pgpRV7ZcflPTJ.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list