Mark wrote:
>> I don't personally see the problem with manually signing though. I
>> build packages in mock under a build account setup specifically for
>> packaging. Once the packages are built, I sign them from my normal
>> user account (e.g.: rpm --addsign ~build/mock/<package>/*.rpm).
>
> well.. signing a few packages by hand isn't a problem at all. but
> signing about 50 packages is.

You only have to enter your password once per signing operation. So
you can do your builds and then sign them all at once -- you'll only
be prompted for the passphrase once.

If you incorporate this into a script you can sign all of the packages
in your build tree and then move them to a yum repo and then run
createrepo to update the metadata. If you're building a lot of
packages (enough that signing them individually at build time is a
pain), then that's how I'd proceed.

> And removing the password completely seems like a good possibility.
> i wish rpmbuild (or rpm) was allowing something like this:
> rpmbuild -ba --sign="the key" my_rpm.spec
> or
> rpmbuild -ba --sign --passphrase "the key" my_rpm.spec

I'd be happy if I could use gpg-agent to unlock the keys. I don't
think it is, but it's been a long time since I looked at it. Things
may have changed since then (either in rpm or in my ability to bend it
to my wishes).

--
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Two things are infinite: the universe and human stupidity; and I'm not
sure about the universe.
    -- Albert Einstein (1879-1955)
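The batch workflow described in the reply above (sign the whole build tree in one operation, move the packages to the yum repo, run createrepo), as an added example that is not part of the original message. It goes one step further than the message by holding back any package whose signature does not verify with `rpm --checksig`; the function names, the RPM and CREATEREPO override variables, the output-matching pattern and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): batch-sign, verify, then publish RPMs.
# RPM and CREATEREPO can be overridden to dry-run the flow with stub commands.
RPM="${RPM:-rpm}"
CREATEREPO="${CREATEREPO:-createrepo}"

# has_signature FILE
# True only if `rpm --checksig` succeeds AND its summary names a signature.
# Assumption: the summary says pgp/gpg (older rpm) or "signatures" (newer rpm).
# An unsigned package can still pass with digests alone, so the exit status
# is not sufficient. The signing key must be imported (rpm --import).
has_signature() {
    out=$("$RPM" --checksig "$1" 2>&1 </dev/null) || return 1
    summary=${out##*:}   # drop "FILE:" so names like gpgme-*.rpm cannot match
    printf '%s\n' "$summary" | grep -Eqi 'pgp|gpg|signatures'
}

# sign_and_publish BUILD_DIR REPO_DIR   (REPO_DIR must be outside BUILD_DIR)
# Returns 0 if all published, 2 if nothing to sign, 3 if any package was held back.
sign_and_publish() {
    build_dir=$1 repo_dir=$2
    find "$build_dir" -type f -name '*.rpm' | grep -q . ||
        { echo "no packages under $build_dir" >&2; return 2; }

    # One rpm invocation for the whole tree, hence one passphrase prompt.
    find "$build_dir" -type f -name '*.rpm' -exec "$RPM" --addsign {} + || return 1

    mkdir -p "$repo_dir"
    # Move only packages that verify; collect the rest (names without newlines).
    held=$(find "$build_dir" -type f -name '*.rpm' | while IFS= read -r f; do
        if has_signature "$f"; then mv -- "$f" "$repo_dir/"; else echo "$f"; fi
    done)

    "$CREATEREPO" "$repo_dir" || return 1
    if [ -n "$held" ]; then
        printf 'not published, no valid signature:\n%s\n' "$held" >&2
        return 3
    fi
}

# Example: sh sign-publish.sh ~build/mock /srv/yum/myrepo   (paths are placeholders)
if [ "$#" -eq 2 ]; then sign_and_publish "$1" "$2"; fi
```

Packages that fail the check stay in the build tree, so a signing step that silently skipped a file does not end up in the repository metadata.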