[
http://jira.codehaus.org/browse/MRPM-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=189605#action_189605
]
Brett Okken commented on MRPM-45:
---------------------------------
The other problem is that your passphrase is going to be visible in plain text
if you run Maven in debug mode (i.e. mvn package -X).
The only way I see around that is to utilize a "complex" wrapper object for the
keyPassphrase attribute of the MOJO. The drawback to that, however, is that
the property ${gpg.passphrase} would not be automagically linked to the
attribute. Rather you would have to put it in your pom:
    <keyPassphrase>
        <passphrase>${gpg.passphrase}</passphrase>
    </keyPassphrase>
> Allow specifying the gpg passphrase when signing the RPM i.e.
> ${gpg.passphrase}
> -------------------------------------------------------------------------------
>
> Key: MRPM-45
> URL: http://jira.codehaus.org/browse/MRPM-45
> Project: Mojo RPM Plugin
> Issue Type: New Feature
> Components: rpm
> Affects Versions: 2.0-beta-3
> Reporter: Luke Forehand
> Assignee: Brett Okken
>
> This would allow automation of building signed rpms, where the
> ${gpg.passphrase} could be stored in settings.xml for security reasons.
> I understand this may be a difficult task since rpmbuild itself does not
> accept a passphrase as a passthrough to gpg. Some trickery may be required,
> but it would be an excellent feature to use with tools such as Spacewalk,
> which requires a signed RPM to deploy.
> Using a gpg-agent to cache the passphrase is possibly an option but the cache
> expires.
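
The wrapper-object idea from the comment above, sketched as an added example (not code from the comment or from the Mojo RPM Plugin). The class name KeyPassphrase and the debugDump helper are hypothetical, and the sketch assumes that debug output renders each parameter value through toString():

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical wrapper type for the mojo's keyPassphrase parameter (name assumed).
public class KeyPassphrase {
    private String passphrase;

    // Populated from the nested <passphrase> element in the pom.
    public void setPassphrase(String passphrase) { this.passphrase = passphrase; }

    // Read only at the point where the value is handed to the signing step.
    public String getPassphrase() { return passphrase; }

    // Anything that logs the parameter through toString() sees a mask, not the secret.
    @Override
    public String toString() {
        return passphrase == null ? "KeyPassphrase[unset]" : "KeyPassphrase[****]";
    }

    // Stand-in for a debug dump of mojo configuration (assumed to call toString()).
    static String debugDump(Map<String, Object> config) {
        StringBuilder out = new StringBuilder();
        for (Map.Entry<String, Object> e : config.entrySet()) {
            out.append(e.getKey()).append(" = ").append(e.getValue()).append('\n');
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String secret = "constructed-sample-passphrase"; // constructed value

        Map<String, Object> plain = new LinkedHashMap<>();
        plain.put("keyPassphrase", secret);              // plain String parameter

        KeyPassphrase wrapped = new KeyPassphrase();
        wrapped.setPassphrase(secret);
        Map<String, Object> masked = new LinkedHashMap<>();
        masked.put("keyPassphrase", wrapped);            // wrapper parameter

        System.out.print(debugDump(plain));   // the String value is written as-is
        System.out.print(debugDump(masked));  // the wrapper writes its mask
        if (debugDump(masked).contains(secret)) throw new AssertionError("passphrase leaked");
    }
}
```

The mask only covers output that goes through the wrapper; the value still has to be kept out of any command line or log message built later from getPassphrase().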