Re: signing RPMs without a passphrase?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

thank you *Jeff*!
The first response in the link provided just seemed a little off-base to me. There's nothing intrinsically more secure about me typing in some passphrase vs. an automated procedure just skipping the step - AFAIK, GPG is used to provide file signature verification (along with mdt5 and whatever other hash algo. is employed). But it's also used to verify the entity that the RPM came from - an identity which the installer chooses to trust, passphrase notwithstanding. Am I missing something there? 

I'll check out keyutils - thank you very much for your help Jeff!

-lev

On Oct 7, 2008, at 5:16 PM, Jeff Johnson wrote:


Well 2004 was a long time ago. Times have changed too ...

FWIW, rpm-5 uses keyutils to store passphrases.

Which means that its possible to us keyutils to manage
a persistent session pass phrase, loaded before rpm is invoked,
and the passphrase will be passed to gpg for signinging packages.

But you can attempt signing without a pass phrase if you want too.

73 de Jeff

On Oct 7, 2008, at 7:26 PM, Aaron Hanson wrote:


https://www.redhat.com/archives/rpm-list/2004-March/msg00109.html


-----Original Message-----
From: rpm-list-bounces@xxxxxxxxxx [mailto:rpm-list-bounces@xxxxxxxxxx ] 
On Behalf Of Lev Lvovsky
Sent: Tuesday, October 07, 2008 4:18 PM
To: rpm-list@xxxxxxxxxx
Subject: signing RPMs without a passphrase?

Is it possible to sign an RPM without being asked the passphrase for
the signing key?  It hampers automated RPM creation to be asked for
the passphrase when building them.  Otherwise, is the only other
option just batch signing the RPMs after they've been created?

thanks,
-lev

_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list


_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list


_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list


_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list
[Index of Archives]     [RPM Ecosystem]     [Linux Kernel]     [Red Hat Install]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Red Hat]     [Gimp]     [Yosemite News]     [IETF Discussion]

  Powered by Linux