Howto batch sign RPM packages?

Hi,

I need to sign a bunch of RPM packages that have interdependencies:
build #1, sign #1, install #1, build #2, sign #2, install #2 etc.

Based on the info in bz436812 [1] I have created the key (RSA sign only,
4096bit, no sub keys) and put this in .rpmmacros:

%_signature gpg
%_gpg_path ~/.gnupg
%_gpg_name <KEY_ID>
%__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs \
    --digest-algo=sha1 --batch --no-verbose --no-armor \
    --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" \
    -sbo %{__signature_filename} %{__plaintext_filename}

Now I don't want to type in a rather long and difficult passphrase every
time one of dozens of packages needs to be signed, and I also don't want
to temporarily remove the passphrase, so I am looking for a better solution
that works unattended after giving the passphrase once.
I looked at gpgwrap (part of pgp-tools in Fedora) but from the docs I
could not figure out how to make that work.

Anyone know how to set this up?

Thanks!
Patrick

[1] https://bugzilla.redhat.com/show_bug.cgi?id=436812