[
http://jira.codehaus.org/browse/MRPM-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=189572#action_189572
]
Luke Forehand commented on MRPM-45:
-----------------------------------
Brett, this is exactly what I was thinking. The signing could happen after the
RPM build. I don't think requiring expect is a big deal.
Wendy, I did infact attempt to use the gpg plugin to perform the signing of the
RPM after the rpm build, but I couldn't get the gpg plugin to actually sign the
rpm, it just placed ascii signature files next to the rpm. Maybe I was doing
something wrong.
> Allow specifying the gpg passphrase when signing the RPM i.e.
> ${gpg.passphrase}
> -------------------------------------------------------------------------------
>
> Key: MRPM-45
> URL: http://jira.codehaus.org/browse/MRPM-45
> Project: Mojo RPM Plugin
> Issue Type: New Feature
> Components: rpm
> Affects Versions: 2.0-beta-3
> Reporter: Luke Forehand
> Assignee: Brett Okken
>
> This would allow automation of building signed rpms, where the
> ${gpg.passphrase} could be stored in settings.xml for security reasons.
> I understand this may be a difficult task since rpmbuild itself does not
> accept a passphrase as a passthrough to gpg. Some trickery may be required,
> but it would be an excellent feature to use with tools such as Spacewalk,
> which requires a signed RPM to deploy.
> Using a gpg-agent to cache the passphrase is possibly an option but the cache
> expires.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe from this list, please visit:
http://xircles.codehaus.org/manage_email
