signing a variable list of packages

Stuart D Gathman stuart at gathman.org
Wed Jul 27 17:35:01 UTC 2022


On Tue, 26 Jul 2022, Tim Mooney wrote:

> My question is whether there's a programmatic way to determine all of
> the packages that would be generated from a single run of rpmbuild with

I always use mock to build rpms.  When it's done, all the rpms to be
signed are collected in the results directory.

This also ensure the BuildRequires are correct, that no secret network
access to online repos is made, etc, and is slightly more protected
against buggy build scripts (rm -rf * tmp) being inside a container 
(of course any competent malware would simply infect the output applications).

Put /var/lib/mock on a tmpfs for best performance.


More information about the Rpm-list mailing list