Signing an rpm package at build-time automatically

Björn Persson listor1.rombobeorn at comhem.se
Thu Jul 1 13:20:38 UTC 2004


Didier Casse wrote:

> Now on my system I need to build rpm automatically (without human
> intervention)! Is it possible to have my passphrase being read in a file
> rather than me sitting in front of the computer and actually typing it?

I would suggest that you create a special key for automated signing and
store it without a passphrase but closely guarded by file access
permissions. This is the usual thing to do when programs need to use
crypto keys without manual interaction. There's no point in encrypting a
key with a passphrase and then storing the passphrase on the disk.
That's no more secure than keeping the key unencrypted.

I'm not familiar with rpmbuild, but you can hope that it doesn't ask for
a passphrase if none is needed.

If you like you can keep the autosigning key on an encrypted disk and
type the password for the disk when it is mounted at boot. That way the
key will be safe when the computer is off, even if someone steals your disk.

Sign the autosigning key with your personal key.

Björn Persson
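
The "closely guarded by file access permissions" advice above can be checked before each automated build. The following is an added example, not part of the original message: `check_signing_key` is a hypothetical helper, the key path is whatever the build account uses, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat ("stat -c").
# Run it as the build account that owns the passphrase-less signing key.

# check_signing_key KEYFILE
#   0 = key file and its directory are accessible to the owner only
#   1 = at least one finding was printed
#   2 = KEYFILE is not a regular file
check_signing_key() {
    key=$1
    rc=0
    me=$(id -u)

    if [ -L "$key" ]; then
        echo "FAIL: $key is a symlink; point at the real key file"
        rc=1
    fi
    if [ ! -f "$key" ]; then
        echo "FAIL: $key is not a regular file"
        return 2
    fi

    dir=$(dirname -- "$key")
    for path in "$key" "$dir"; do
        # %a = octal permission bits, %u = numeric owner id
        set -- $(stat -c '%a %u' -- "$path")
        mode=$1
        owner=$2
        if [ "$owner" != "$me" ]; then
            echo "FAIL: $path is owned by uid $owner, not by uid $me"
            rc=1
        fi
        # 077 masks every group and other permission bit
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL: $path has mode $mode; remove group/other access"
            rc=1
        fi
    done
    return $rc
}
```

A build script can call the function first and refuse to sign when it returns non-zero.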





