Menu
I am trying to sign an RPM package that I created using GPG without typing the password, typing the password I can sign, however without typing the password is opening the message box Please enter the passphrase to unlock the OpenPGP secret key, I need the password not to be requested when signing the package, as this will be a script executed in "silent mode". I probably have the wrong command, but I'm having a hard time finding the solution.
This is the command I am trying to execute, and even then the password is requested:
gpg --batch --passphrase "78910" --clearsign test-1-0.x86_64.rpm
With this second command, the password is not requested:
echo "78910" | gpg --batch --passphrase-fd 0 --clearsign test-1-0.x86_64.rpm
However, the signature is not performed and returns the error described below:
gpg: signing failed: Inappropriate ioctl for device gpg: /test-1-0.x86_64.rpm: clear-sign failed: Inappropriate ioctl for device
With this third command, the reported error is different:
echo "78910" | gpg --batch --passphrase-fd 0 ~/.gnupg/trustdb.gpg --clearsign test-1-0.x86_64.rpm
Error message:
gpg: Note: '--clearsign' is not considered an option gpg: WARNING: no command supplied. Trying to guess what you mean ... usage: gpg [options] [filename]
This is my code to create the gpg key, i try create without password, but i receive error when the password value is empty.
#!/bin/bash
echo "Key-Type: 1" > gen-key-script
echo "Key-Length: 1024" >> gen-key-script
echo "Subkey-Type: 1" >> gen-key-script
echo "Subkey-Length: 1024" >> gen-key-script
echo "Name-Real: gpg test" >> gen-key-script
echo "Name-Email: [email protected]" >> gen-key-script
echo "Expire-Date: 0" >> gen-key-script
echo "Passphrase: 78910" >> gen-key-script
echo "" >> gen-key-script
#---------------------------------------------------------
# GENERATE THE KEY
#---------------------------------------------------------
gpg --batch --gen-key gen-key-script
#---------------------------------------------------------
# .RPMMACROS
#---------------------------------------------------------
echo "%_gpg_name gpg test <[email protected]>" > ~/.rpmmacros
552
In case your GPG passphrase is empty:
I am aware this is a bit late answer, but it works for me the best since I don't have GPG passphrase (empty passphrase). You can implement some techniques to pass it securely on CLI without typing it, anyway it you have empty passphrase I think this is a good solution.
echo "" | setsid rpmbuild -bb --sign <filename>.spec
SOURCE: https://rpm-list.redhat.narkive.com/7hkHM9bp/signing-rpms-without-a-passphrase#post4
76
If you don't want to type the password you'll need to store your private key on disk without being protected by a password. That means that everybody who has access to the key file can sign your packages. Decide if you want that.
If you don't want to protect the key use %no-protection, like this:
echo "%no-protection" > gen-key-script
echo "Key-Type: 1" >> gen-key-script
echo "Key-Length: 1024" >> gen-key-script
echo "Subkey-Type: 1" >> gen-key-script
echo "Subkey-Length: 1024" >> gen-key-script
echo "Name-Real: gpg test" >> gen-key-script
echo "Name-Email: [email protected]" >> gen-key-script
echo "Expire-Date: 0" >> gen-key-script
echo "" >> gen-key-script
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
