[
http://jira.codehaus.org/browse/MRPM-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=189559#action_189559
]
Brett Okken commented on MRPM-45:
---------------------------------
Would something like this[1] be acceptable?
It would require that expect be installed, but does not look terribly
difficult. It may also mean changing the signing strategy a bit to build the
rpm and then sign it, rather than build and sign all in in step.
[1] - http://aaronhawley.livejournal.com/10615.html
> Allow specifying the gpg passphrase when signing the RPM i.e.
> ${gpg.passphrase}
> -------------------------------------------------------------------------------
>
> Key: MRPM-45
> URL: http://jira.codehaus.org/browse/MRPM-45
> Project: Mojo RPM Plugin
> Issue Type: New Feature
> Components: rpm
> Affects Versions: 2.0-beta-3
> Reporter: Luke Forehand
> Assignee: Brett Okken
>
> This would allow automation of building signed rpms, where the
> ${gpg.passphrase} could be stored in settings.xml for security reasons.
> I understand this may be a difficult task since rpmbuild itself does not
> accept a passphrase as a passthrough to gpg. Some trickery may be required,
> but it would be an excellent feature to use with tools such as Spacewalk,
> which requires a signed RPM to deploy.
> Using a gpg-agent to cache the passphrase is possibly an option but the cache
> expires.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
