Fixing rpmsign with evil magic
At my office we are developing a deployment mechanism for RPM packages. The general workflow looks like this:
- You build a source rpm on your own machine.
- You sign the rpm with your GPG key.
- You submit the source RPM to our buildserver.
- The buildserver validates your signature and then builds the package.
- The buildserver signs the package using a master signing key.
The last step in that sequence represents a problem, because the rpmsign
command will always, always prompt for a password and read the response from
/dev/tty. This means that (a) you can’t easily provide the password on stdin,
and (b) you can’t fix the problem using a passwordless key.
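
The /dev/tty behaviour described above, as an added illustration (not code from the original post, and not rpmsign itself): a constructed stand-in child prompts on /dev/tty. An answer piped on stdin never reaches it, while an answer written to a pseudo-terminal that the parent allocates does. The names `CHILD`, `answer_on_stdin` and `answer_on_pty` are hypothetical.

```python
import os, pty, subprocess, sys

# Constructed stand-in for a tool that prompts on /dev/tty rather than stdin
# (the behaviour the post attributes to rpmsign). Not rpmsign's real code.
CHILD = r'''
import os, sys
try:
    fd = os.open("/dev/tty", os.O_RDWR)
except OSError:
    print("NO_TTY"); sys.exit(2)
os.write(fd, b"Enter pass phrase: ")
print("GOT:" + os.read(fd, 1024).decode().strip())
'''
CMD = [sys.executable, "-c", CHILD]

def answer_on_stdin(secret):
    """Pipe the answer on stdin; the child never looks at it."""
    # start_new_session detaches the child from any terminal, like a
    # build-server daemon, so opening /dev/tty fails instead of blocking.
    p = subprocess.run(CMD, input=secret + "\n", capture_output=True,
                       text=True, start_new_session=True)
    return p.returncode, p.stdout.strip()

def answer_on_pty(secret):
    """Give the child a pseudo-terminal as its controlling tty and answer there."""
    pid, master = pty.fork()
    if pid == 0:  # child: the pty slave is now /dev/tty
        os.execv(sys.executable, CMD)
    out, sent = b"", False
    while True:
        try:
            chunk = os.read(master, 1024)
        except OSError:  # Linux reports EIO once the child has exited
            break
        if not chunk:
            break
        out += chunk
        if not sent and b"pass phrase:" in out:  # wait for the prompt first
            os.write(master, secret.encode() + b"\n")
            sent = True
    os.waitpid(pid, 0)
    os.close(master)
    return out.decode()

if __name__ == "__main__":
    print(answer_on_stdin("constructed-secret"))  # constructed sample value
    print(answer_on_pty("constructed-secret"))
```

The pty output contains the prompt and the terminal's echo of the answer as well as the child's own line, so anything that logs it should be treated as holding the secret.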