Skip to content

Simplify document about rpm signing with passphrase #21

Description

@maage

Look at the default value of the RPM macro named "__gpg_sign_cmd" in /usr/lib/rpm/macros, or with rpm --eval:

The feature was added in commit: rpm-software-management/rpm@932f14f

In all modern systems with rpm >= 4.14.0-rc1, you should be able to rely on _gpg_sign_cmd_extra_args as upstream feature.

If your __gpg_sign_cmd is defined as:

#==============================================================================
# ---- GPG/PGP/PGP5 signature macros.
#       Macro(s) to hold the arguments passed to GPG/PGP for package
#       signing and verification.
#

%__gpg_sign_cmd                 %{__gpg} \
        gpg --no-verbose --no-armor \
        %{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} \
        --no-secmem-warning \
        %{?_gpg_sign_cmd_extra_args:%{_gpg_sign_cmd_extra_args}} \
        -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}

Then _gpg_sign_cmd_extra_args is exactly the feature you need. You can do this just by adding this to .rpmmacros:

%_gpg_sign_cmd_extra_args --pinentry-mode loopback

And now you can be sure you are not going to break __gpg_sign_cmd in the future.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions