Signing built RPMs or how to create signed RPMs.
Allen Hewes
allen at decisiv.net
Wed Dec 15 03:45:31 UTC 2010
Hi Pierre,
>
> I'am using Koji + sign_unsigned.py + mash to build RPM on CentOS5
>
I'm interested in hearing about this from you.
If you run sign_unsigned.py how can you be using mash to create yum repos?
>From what I can tell, mash can only work with Koji tags as a source and a file system path as a destination. Are you putting RPM headers back into koji then running mash?
Can you explain how you're doing this? (I am still a Koji neophyte, so go slow...)
> I have modified sign_unsigned.py to manage the passphrase. If
> option is not used, sign_unsigned.py gives an empty
> passphrase to 'rpm --resign' command.
>
> Add the Python expect module in import section (pexpect RPM
> must installed) :
>
> import getpass
> +import pexpect
>
> Add the --passwd option in __init__() from SignUnsigned class:
>
> + self.parser.add_option("--passwd", action="store_true")
>
> Replace these lines in do_signing()
>
> - # loop in case password is mistyped
> - while os.system(cmd):
> - # sleep briefly (give user a chance to ctrl-C)
> - time.sleep(2)
> + # Use expect to give the passphrase
> + # LANG=C to have english question 'pass phrase'
> + os.environ['LC_ALL'] = 'C'
> + child = pexpect.spawn(cmd)
> + # Wait for 'pass phrase'
> + child.expect('phrase:')
> + if not self.options.passwd:
> + child.sendline('\r')
> + else:
> + child.sendline("%s" % self.options.passwd)
> + child.expect(pexpect.EOF)
>
And Thanks for patch! I think I will have a need for it.
/allen
More information about the buildsys
mailing list