[CentOS] Howto batch sign RPM packages?
Patrick Lists
centos-list at puzzled.xs4all.nlThu Dec 9 22:28:51 UTC 2010
- Previous message: [CentOS] PERC 6/E continue switch between "write though" and "write back"????
- Next message: [CentOS] Howto batch sign RPM packages?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, I need to sign a bunch of RPM packages that have interdepencies: build #1, sign #1, install #1, build #2, sign #2, install #2 etc. Based on the info in bz436812 [1] I have created the key (RSA sign only, 4096bit, no sub keys) and put this in .rpmmacros: %_signature gpg %_gpg_path ~/.gnupg %_gpg_name <KEY_ID> %__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs \ --digest-algo=sha1 --batch --no-verbose --no-armor \ --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" \ -sbo %{__signature_filename} %{__plaintext_filename} Now I don't want to type in a rather long and difficult passphrase every time one of dozens of packages need to be signed and I also don't want to temporarily remove the passphrase so am looking for a better solution that works unattended after giving the passphrase once. I looked at gpgwrap (part of pgp-tools in Fedora) but from the docs I could not figure out how to make that work. Anyone know howto set this up? Thanks! Patrick [1] https://bugzilla.redhat.com/show_bug.cgi?id=436812
- Previous message: [CentOS] PERC 6/E continue switch between "write though" and "write back"????
- Next message: [CentOS] Howto batch sign RPM packages?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list