RE: signing packages

On Wed, Mar 10, 2004 at 02:56:04PM -0800, Jeff Johnson wrote: 

>On Wed, Mar 10, 2004 at 02:56:04PM -0800, Aaron Hanson wrote:
>> Hi All-
>>  
>>     This may be more about gpg but anyways: I'm trying to sign 
>> packages in an automated build. When I created my gpg keys, I couldn't
>> see a way to make the keys 'unprotected'; i.e. no passphrase. I just 
>> provided a zero-length phrase.
>>  
>>     Even with the zero length phrase, when I invoke 'rpmbuild --sign 
>> [opts] [spec]', gpg still prompts for a passphrase. Any ideas on how 
>> to get around this? Thanks.
>>  
>
>Automagic signing of rpm pkgs is doable but excruciatingly complex.
>...snip...<
>AFAIK (and I just checked) rpm will not close the extra fd.
>
>You may still be fighting rpm's invocation of getpass(3), a little treachery with an
>expect script and a pseudo-tty might solve that problem.
>In fact, a little treachery with expect might solve the whole mess more efficiently.

Thanks; these are the lines I was thinking along. I'll give it a try.

Something else that makes me curious; RPM 4.2 is apparently capable of
signing a package with a 2048-bit RSA key, but not verifying the same;

[root@localhost root]# rpm -K <package>
<package>: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#3c494ff0)

I'm using gpg to generate these keys. Do I misunderstand the gpg-rpm
interaction?

-Aaron


_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list
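
Added example, not part of the original message and not rpm's own code: a shell gate for an automated build that reads `rpm -K` output in the format quoted above, fails on any `NOT OK` line, and lists the key IDs from the `MISSING KEYS` clause, which rpm prints when the signer's public key is not in its keyring (keys are added with `rpm --import`). The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-signing verification gate for `rpm -K` output.

# Constructed sample output. The first line mirrors the failure quoted in the
# message; package names and the OK line are made up for the example.
sample_output() {
cat <<'EOF'
foo-1.0-1.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#3c494ff0)
bar-2.1-3.i386.rpm: (sha1) dsa sha1 md5 gpg OK
baz-0.9-2.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#3c494ff0)
EOF
}

# Print each distinct key ID named in a "MISSING KEYS" clause, one per line.
missing_keys() {
    grep 'MISSING KEYS:' |
        sed 's/.*(MISSING KEYS:\([^)]*\)).*/\1/' |
        tr ' ' '\n' |
        grep '#' |
        sed 's/^.*#//' |
        sort -u
}

# Print the package name of every line reported as NOT OK.
failed_packages() {
    grep 'NOT OK' | sed 's/: .*//'
}

# Read checksig output on stdin; return 0 only if no package is NOT OK.
# On failure, report the packages and any key IDs missing from the keyring.
checksig_gate() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'NOT OK'; then
        echo "signature check failed for:" >&2
        printf '%s\n' "$out" | failed_packages >&2
        keys=$(printf '%s\n' "$out" | missing_keys)
        if [ -n "$keys" ]; then
            echo "public key(s) not in rpm keyring:" $keys >&2
        fi
        return 1
    fi
    return 0
}

# Typical use in a build script:  rpm -K RPMS/*/*.rpm | checksig_gate
```
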
