This is a terrible hack. If you are easily offended by bad ideas implemented poorly, move along! You are working on a wonderful open source project…but you are not supposed to be working on that project! You’re supposed to be doing your real work! Unfortunately, your extra-curricular activity is well documented in the git history of your project for all to see: And now your boss knows why the TPS reports are late.

Fixing rpmsign with evil magic At my office we are developing a deployment mechanism for RPM packages. The general workflow looks like this: You build a source rpm on your own machine. You sign the rpm with your GPG key. You submit the source RPM to our buildserver. The buildserver validates your signature and then builds the package. The buildserver signs the package using a master signing key. The last step in that sequence represents a problem, because the rpmsign command will always, always prompt for a password and read the response from /dev/tty.