[CentOS] Passing password to script for rpmsign of list of .rpm files

Sat May 21 08:32:18 UTC 2011
Ljubomir Ljubojevic <office at plnet.rs>

Nicolas Thierry-Mieg wrote:
> John R. Dennison wrote:
>> On Sat, May 21, 2011 at 09:30:06AM +0200, Nicolas Thierry-Mieg wrote:
>>> Ljubomir Ljubojevic wrote:
>>>> for i in $(find . -type f | grep .rpm); do
>>>> rpmsign --addsign `find . -type f | grep .rpm | grep -v .zzz`
>>> just a small comment, grep uses regexps so this doesn't do what you want
>>> (eg the . is a wildcard char). Your script can break, silently (won't
>>> sign rpms whose name contains "any char followed by zzz") or not (will
>>> attempt to rpmsign eg myrpms.pl), with some particular file names.
>>> what you really want is files ending with .rpm, so:
>>> grep '\.rpm$'
>> Why are people passing this off to grep?
>> rpmsign --addsign $(find . -type f -name \*.rpm ! -name \*.zzz)
> agreed, using find alone is "another way to do it", although as stated 
> by John Pierce the second -name is useless here.
> I was pointing out a flaw in the code and offering a correction using 
> "the same way to do it".

I did some checking, yes
find . -type f -name \*.rpm
does what I need it to do. The original command from KB's blog just used 
something like
"find . -type f -name *.rpm"
, without "\" before *.rpm, so I used grep to correct it. I was not aware of 
the benefit of "\"; finding examples for the command "find" is a little harder 
to google since it is a VERY common word in general. Thanks for pointing 
this out.

Using \*.rpm eliminates the need for anything that contains ".zzz".


Part of e-mail from OT:

Anyhow, I have developed a nice script for automatic signing of (--addsign
= only unsigned, --resign = all) rpm's.

1) It supports subdirectories of unlimited? depth.
2) Password is only asked once.
3) Timestamps are preserved.
4) Script outputs check of rpm's together with active GPG Key ID and
time of signing. Useful for final check and logging.

I hope this script will find good use for rpm packagers.

I named the script "rpm-autosign".

And the code is:

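# Author Ljubomir Ljubojevic <office at plnet dot rs>
# Save each rpm's timestamp in a ".zzz" sidecar file
for i in $(find . -type f -name \*.rpm); do
     touch -r "$i" "$i.zzz"
done
# Sign all rpm's in one rpmsign call, so the password is asked only once
rpmsign --addsign `find . -type f -name \*.rpm`
# Restore the saved timestamps
for i in $(find . -type f -name \*.rpm); do
     touch -r "$i.zzz" "$i"
done
# Remove the sidecar files
for i in $(find . -type f -name \*.zzz); do
     rm -f "$i"
done
#rpmsign --checksig `find . -name \*.rpm`
# Report name, build host, packager and signature of every rpm
rpm -qp `find . -type f -name \*.rpm` --qf='%-{NAME} %{BUILDHOST}
%{PACKAGER} %{SIGGPG:pgpsig} \n'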

Notice that the last line is broken in two by the mail client.
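
A whitespace-safe variant of the approach discussed in this thread, as an added example that is not the author's script: it selects files with find -name alone, hands them to one signer call per find batch, and restores timestamps from the same ".zzz" sidecar files even when signing fails. The function name autosign and the SIGN_CMD override are assumptions introduced here; the default signer is the thread's "rpmsign --addsign".

```shell
#!/bin/sh
# Added example, not the script from the e-mail above.
# SIGN_CMD is a hypothetical override (useful for dry runs and tests);
# it is word-split on purpose so it can carry options.

autosign() {
    dir=${1:-.}
    # -name '*.rpm' is a quoted glob, not a regex: "myrpms.pl" and
    # "foo.rpm.bak" are not selected, unlike with "grep .rpm".
    # "-exec ... {} +" passes file names as separate arguments, so names
    # containing spaces survive, and the signer is started once per batch.
    SIGN_CMD="${SIGN_CMD:-rpmsign --addsign}" \
    find "$dir" -type f -name '*.rpm' -exec sh -c '
        # Save each timestamp in a sidecar file before signing.
        for f do touch -r "$f" "$f.zzz" || exit 1; done
        # One signer invocation for the whole batch.
        $SIGN_CMD "$@"; rc=$?
        # Restore timestamps and clean up, whether or not signing worked.
        for f do touch -r "$f.zzz" "$f"; rm -f "$f.zzz"; done
        exit "$rc"
    ' sh {} +
}

# Call as: autosign /path/to/rpm/tree
```

find exits non-zero if any signer batch fails, so the function's return status can be checked by a calling build script.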