automate rpm signing?
Dennis Gilmore
dennis at ausil.us
Wed Nov 22 15:34:54 UTC 2006
Once upon a time Wednesday 22 November 2006 6:09 am, Karanbir Singh wrote:
> Dennis Gilmore wrote:
> > On Tuesday 21 November 2006 21:21, Douglas Hubler wrote:
> >> The Fedora website
> >> http://fedora.redhat.com/About/security/
> >> mentions Fedora builds are automatically signed. How is this done? rpm
> >> --addsign requires user input and is not gpg-aware
> >> http://lists.gnupg.org/pipermail/gnupg-users/2004-January/021302.html
> >
> > You can automate it by not putting a password on the gpgkey. most of the
> > rpms are manually signed for this reason. and all of extras are manually
> > signed. the only automated signed would be in rawhide and i think they
> > are generally not signed at all.
>
> iirc, even with a blank passwd, rpm's default behavior is to ask for a
> password anyway,
>
> 'expect' knows what to do :)
ive never tried so im not 100% sure. i had assumed that if i put no password
on the key i wouldnt be prompted. but i would not trust a situation like
that so i wont impose that on my users. :)
Dennis
More information about the Fedora-buildsys-list
mailing list