The rpm sign command reads the passphrase with getpass(), so there is no direct way to supply the passphrase by redirection in a shell script.
One alternative is to use an Expect script (you need to have expect installed; RPMs are available in standard Linux distros). Here is a snippet of code that shows how it works:
########BEGIN#############################
# Print the Expect script on stdout. The here-document delimiter is unquoted,
# so the shell substitutes $RPMFILE and ${RPMPWD} before Expect sees the text.
function expect_script
{
    cat << End-of-text
spawn rpm --resign $RPMFILE
expect -exact "Enter pass phrase: "
send -- "${RPMPWD}\r"
expect eof
exit
End-of-text
}

# Feed the generated script to Expect on stdin (-f -).
function sign_rpm
{
    echo "Signing RPM..."
    expect_script | /usr/bin/expect -f -
}

## Main execution
RPMFILE="$*"
sign_rpm
##############END ##############################
RPMPWD is the passphrase. It should be set in the environment before sign_rpm is called.
Of course, before running this script, the GPG private/public keys must have been imported into the GPG keyring, and the public key must also have been imported into the RPM database.
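A hardened variant of the wrapper above, added here as an example and not part of the original post: the here-document delimiter is quoted, so Expect reads the passphrase and file name from its env array instead of having them pasted into the Tcl script (characters such as ", $ or [ in the passphrase are then sent literally), and rpm's exit status is passed back to the caller. The function names emit_expect_script, sign_one and sign_all are hypothetical, and the prompt text is assumed to be the same "Enter pass phrase: " as in the snippet above.

```bash
#!/bin/sh
# Added example, not the original author's script. Function names are hypothetical.

# Quoted delimiter ('EOF'): the shell expands nothing in the here-document, so the
# passphrase is never part of the script text. Expect reads it from Tcl's env array.
emit_expect_script() {
    cat <<'EOF'
set timeout 30
spawn rpm --resign $env(RPMFILE)
expect {
    -exact "Enter pass phrase: " { send -- "$env(RPMPWD)\r" }
    timeout { puts stderr "no passphrase prompt from rpm"; exit 2 }
    eof     { puts stderr "rpm exited before prompting"; exit 3 }
}
expect eof
# wait returns {pid spawn_id os_error exit_status}; hand rpm's status to the caller
exit [lindex [wait] 3]
EOF
}

# Sign one file; returns non-zero if RPMPWD is missing or rpm fails.
sign_one() {
    if [ -z "${RPMPWD:-}" ]; then
        echo "RPMPWD must be set before signing" >&2
        return 1
    fi
    emit_expect_script | RPMFILE="$1" RPMPWD="$RPMPWD" expect -f -
}

# Sign every file given, one rpm invocation per file, and report failures.
sign_all() {
    rc=0
    for f in "$@"; do
        echo "Signing $f..."
        sign_one "$f" || { echo "signing failed: $f" >&2; rc=1; }
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    sign_all "$@"
fi
```

Because each file is signed in its own rpm invocation, a file name containing spaces reaches rpm as a single argument, and a failure on one file does not hide behind a zero exit status.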
Monday, June 21, 2010
3 comments:
I've solved the same problem by overriding the getpass() function call using function interposition via LD_PRELOAD.
I am not suggesting that this is a better solution...I just like playing around with LD_PRELOAD.
You can sign in bulk using the --resign switch.
rpm --resign *.rpm