Re: Howto batch sign RPM packages?




Patrick Lists wrote:
> Hi,
>
> I need to sign a bunch of RPM packages that have interdependencies:
> build #1, sign #1, install #1, build #2, sign #2, install #2 etc.
>
> Based on the info in bz436812 [1] I have created the key (RSA sign only,
> 4096bit, no sub keys) and put this in .rpmmacros:
>
> %_signature gpg
> %_gpg_path ~/.gnupg
> %_gpg_name <KEY_ID>
> %__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs \
>     --digest-algo=sha1 --batch --no-verbose --no-armor \
>      --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" \
>      -sbo %{__signature_filename} %{__plaintext_filename}
>
> Now I don't want to type in a rather long and difficult passphrase every
> time one of dozens of packages need to be signed and I also don't want
> to temporarily remove the passphrase so am looking for a better solution
> that works unattended after giving the passphrase once.
> I looked at gpgwrap (part of pgp-tools in Fedora) but from the docs I
> could not figure out how to make that work.
>
> Anyone know how to set this up?
>    
After building a bunch of packages, they can easily be signed this way:

rpm --resign *.rpm

If you need to sign packages from another account:

su -c "rpm --resign *.rpm" username

So it requires typing the password only once.
It may be worth moving the packages to some directory to avoid re-signing
other packages, or you can change the command and use the names of the
packages instead of a wildcard.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
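
The batch approach from the reply above, as an added example that is not part of the original thread: it signs one staging directory with a single rpm --resign call and then checks every package with rpm --checksig. The function names, the staging-directory argument and the --checksig output formats matched here are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the staging
# directory argument are assumptions made for illustration.

# Decide from one line of `rpm --checksig` output whether a signature was
# present and verified. Assumed formats: older rpm prints e.g.
# "pkg.rpm: rsa sha1 (md5) pgp md5 OK", newer "pkg.rpm: digests signatures OK".
# An unsigned package also ends in "OK" but lists no pgp/gpg/signatures word.
sig_verified() {
    status=" ${1##*: } "          # drop the "filename: " prefix
    case "$status" in
        *"NOT OK"*) return 1 ;;
        *" OK ") ;;
        *) return 1 ;;
    esac
    case "$status" in
        *" pgp "*|*" gpg "*|*" signatures "*) return 0 ;;
    esac
    return 1
}

# Re-sign every package in one directory with a single `rpm --resign` call
# (one passphrase prompt), then verify each file.
# Returns 0 if all verify, 1 on any failure, 2 if there is nothing to sign.
sign_batch() {
    stage=$1
    set --
    for f in "$stage"/*.rpm; do
        # Skip symlinks and the literal pattern left by an unmatched glob.
        if [ -f "$f" ] && [ ! -L "$f" ]; then set -- "$@" "$f"; fi
    done
    [ "$#" -gt 0 ] || { echo "no packages in $stage" >&2; return 2; }
    rpm --resign "$@" || return 1
    rc=0
    for f in "$@"; do
        line=$(rpm --checksig "$f" 2>&1 | tail -n 1)
        sig_verified "$line" || { echo "UNVERIFIED: $f" >&2; rc=1; }
    done
    return "$rc"
}

# Usage: sh sign_batch.sh /path/to/staging-dir
if [ "$#" -gt 0 ]; then
    sign_batch "$1"
fi
```

The verification step only reports a good signature when the signing key's public half has been imported into the rpm database of the machine running the check.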