[CentOS] Passing password to script for rpmsign of list of .rpm files

Sat May 21 00:45:39 UTC 2011
Ljubomir Ljubojevic <office at plnet.rs>

This is repeated reply, so it is properly threaded. Sorry for double post.

Marian Marinov wrote:
 > >
 > > You should also check this:
 > >
 > > http://blogs.23.nu/till/2008/12/rpm-addsign-with-gpg-agent/
 > >
I am not really trilled by entering blank passwords.

Anyhow, I have developed nice script for automatic signing of (--addsign
= only unsigned, --resign = all) rpm's.

1) It supports subdirectories of unlimited? depth.
2) Password is only asked once.
3) Timestamps are preserved.
4) Script outputs check of rpm's together with active GPG Key ID and
time of signing. Useful for final check and logging.

I hope this script will find good use for rpm packagers.

I named the script "rpm-autosign".

NOTICE: I forgot to filter only files so I had to change code. Improved is:



# Author Ljubomir Ljubojevic <office at plnet dot rs>

for i in $(find . -type f | grep .rpm); do
     touch -r "$i" "$i.zzz"

#rpmsign --resign `find . | grep .rpm | grep -v .zzz`
rpmsign --addsign `find . -type f | grep .rpm | grep -v .zzz`

for i in $(find . -type f | grep .rpm | grep -v .zzz); do
     touch -r "$i.zzz" "$i"

for i in $(find . -type f | grep .zzz); do
     rm -f "$i"

#rpmsign --checksig `find . | grep .rpm`

rpm -qp `find . -type f | grep .rpm` --qf='%-{NAME} %{BUILDHOST}
%{PACKAGER} %{SIGGPG:pgpsig} \n'
Notice that last line is broken in two by mail client.


CentOS mailing list
CentOS at centos.org