Re: How do i auto sign rpm's with rpmbuild?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Mark wrote:
>> I don't personally see the problem with manually signing though.  I
>> build packages in mock under a build account setup specifically for
>> packaging.  Once the packages are built, I sign them from my normal
>> user account (e.g.: rpm --addsign ~build/mock/<package>/*.rpm).
> well.. signing a few packages by hand isn't a problem at all.  but
> signing about 50 packages is.

You only have to enter your password once per signing operation.  So
you can do your builds and then sign them all at once -- you'll only
be prompted for the passphrase once.

If you incorporate this into a script you can sign all of the packages
in your build tree and then move them to a yum repo and then run
createrepo to update the metadata.  If you're building a lot of
packages (enough that signing them individually at build time is a
pain), then that's how I'd proceed.

> And removing the password completely seems like a good possibility.
> i wish rpmbuild (or rpm) was allowing something like this:
> rpmbuild -ba --sign="the key" my_rpm.spec
> or
> rpmbuild -ba --sign --passphrase "the key" my_rpm.spec

I'd be happy if I could use gpg-agent to unlock the keys.  I don't
think it is, but it's been a long time since I looked at it.  Things
may have changed since then (either in rpm or in my ability to bend it
to my wishes).

Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL:
Two things are infinite: the universe and human stupidity;
and I'm not sure about the the universe.
     -- Albert Einstein (1879-1955)

Attachment: pgp8K8vHSibUv.pgp
Description: PGP signature

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux