automate rpm signing?

Oliver Falk oliver at linux-kernel.at
Thu Nov 23 08:14:46 UTC 2006


On 11/22/2006 04:34 PM, Dennis Gilmore wrote:
> Once upon a time Wednesday 22 November 2006 6:09 am, Karanbir Singh wrote:
>> Dennis Gilmore wrote:
>>> On Tuesday 21 November 2006 21:21, Douglas Hubler wrote:
>>>> The Fedora website
>>>>  http://fedora.redhat.com/About/security/
>>>> mentions Fedora builds are automatically signed. How is this done? rpm
>>>> --addsign requires user input and is not gpg-aware
>>>>  http://lists.gnupg.org/pipermail/gnupg-users/2004-January/021302.html
>>> You can automate it by not putting a password on the gpgkey. Most of the
>>> rpms are manually signed for this reason, and all of extras are manually
>>> signed. The only automated signing would be in rawhide, and I think they
>>> are generally not signed at all.
>> iirc, even with a blank passwd, rpm's default behavior is to ask for a
>> password anyway,
>>
>> 'expect' knows what to do :)
> 
> I've never tried so I'm not 100% sure. I had assumed that if I put no password
> on the key I wouldn't be prompted. But I would not trust a situation like
> that, so I won't impose that on my users. :)

Yes, rpm always asks... And yes, expect knows what to do:
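#!/usr/bin/expect
# Passphrase for the signing key (empty here: the key has no passphrase)
set p ""
# Package to sign, given as the first argument
set f [lindex $argv 0]
spawn rpm --resign $f
# rpm prompts even when the passphrase is empty, so answer the prompt
expect "Enter pass phrase:"
send -- "$p\r"
expect eof
# Exit with rpm's own status so a calling script can detect a failed signing
exit [lindex [wait] 3]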

The other way: use Perl
(http://search.cpan.org/~nanardon/RPM4-0.20/lib/RPM4.pm). RPM4 also knows
how to do it...

Best,
  Oliver
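
A hardened variant of the expect approach in the message above, as an added example that is not part of the original post: it reads the passphrase from an owner-only file instead of embedding it in the script, keeps the exchange out of build logs, times out if rpm never prompts, and returns rpm's exit status. The passphrase-file argument, the 120-second timeout and the "Pass phrase check failed" message matched on (as printed by rpm releases of that era) are assumptions.

```expect
#!/usr/bin/expect -f
# Added example, not from the original post.
# Usage (constructed): sign-rpm.exp passphrase-file package.rpm

if {$argc != 2} {
    send_user "usage: $argv0 passphrase-file package.rpm\n"
    exit 2
}
set pfile [lindex $argv 0]
set pkg   [lindex $argv 1]

# Refuse a passphrase file that group or others can read, write or execute.
# "file attributes -permissions" returns an octal string such as 00600.
if {![string match "*00" [file attributes $pfile -permissions]]} {
    send_user "$pfile must be accessible by its owner only (e.g. mode 0600)\n"
    exit 2
}

# First line of the file is the passphrase (may be empty).
set fh [open $pfile r]
set p [gets $fh]
close $fh

log_user 0      ;# do not copy the spawned program's output into logs
set timeout 120 ;# assumption: generous upper bound for one package

spawn rpm --resign $pkg

# rpm prompts even for an empty passphrase; fail if the prompt never comes.
expect {
    "Enter pass phrase:" { send -- "$p\r" }
    timeout { send_user "no passphrase prompt from rpm\n"; exit 1 }
    eof     { send_user "rpm exited before prompting\n"; exit 1 }
}

# Distinguish a rejected passphrase and a hang from normal completion.
expect {
    "Pass phrase check failed" {
        send_user "signing key rejected the passphrase\n"
        exit 1
    }
    timeout { send_user "rpm did not finish in ${timeout}s\n"; exit 1 }
    eof     {}
}

# wait returns {pid spawn_id os_error exit_status}; pass rpm's status on.
exit [lindex [wait] 3]
```

A calling build script can then stop on a non-zero exit instead of publishing an unsigned package.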




More information about the Fedora-buildsys-list mailing list