Hi, I need to sign a bunch of RPM packages that have interdepencies: build #1, sign #1, install #1, build #2, sign #2, install #2 etc. Based on the info in bz436812 [1] I have created the key (RSA sign only, 4096bit, no sub keys) and put this in .rpmmacros: %_signature gpg %_gpg_path ~/.gnupg %_gpg_name <KEY_ID> %__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs \ --digest-algo=sha1 --batch --no-verbose --no-armor \ --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" \ -sbo %{__signature_filename} %{__plaintext_filename} Now I don't want to type in a rather long and difficult passphrase every time one of dozens of packages need to be signed and I also don't want to temporarily remove the passphrase so am looking for a better solution that works unattended after giving the passphrase once. I looked at gpgwrap (part of pgp-tools in Fedora) but from the docs I could not figure out how to make that work. Anyone know howto set this up? Thanks! Patrick [1] https://bugzilla.redhat.com/show_bug.cgi?id=436812 _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos