Rawhide signatures
Enrico Scholz
enrico.scholz at informatik.tu-chemnitz.de
Tue Jun 22 18:11:16 UTC 2004
walters at redhat.com (Colin Walters) writes:
>> There is a Fedora rawhide key (key ID 1CDDBCA9 I believe), but it's
>> really not practical right now to sign the packages, because the
>> rawhide push is completely automated, and signing requires manually
>> entering a password.
>
> Well you can certainly provide the passphrase programatically, something
> like:
>
> echo "my passphrase" 1>&3 | gpg --passphrase-fd=3 ...
No; rpm does not offer such an interface but expects the passphrase on a
tty everytime. I solved it for me with an 'expect' wrapper, but it is a
dirty hack :(
Overall, the gpg support in rpm is poor as it accepts special signatures
only[1] and there are no (reliable) tools[2] to check signatures based
on ordinary gpg keyrings (in opposite to current 'Pubkey' table which
requires root rights).
Enrico
Footnotes:
[1] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123643
[2] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123650
More information about the fedora-devel-list
mailing list