[Rpm-maint] [rpm-software-management/rpm] RFE: automatically sign packages on build (Issue #2678)

Panu Matilainen notifications at github.com
Thu Sep 28 09:25:31 UTC 2023


Yup, rpm used to have a --sign option to rpmbuild but I removed it for that very reason: back then it asked for the password at the very beginning of a build and then used it to sign any built packages.

Note that the actual use-case here is essentially to "allow locally built packages to be installed without --nosignature", rather than something distributors would use. That "install freshly built local packages" case exists even inside buildsystems like koji/copr/mock when chain-building that will eventually sign the packages even now. The security requirements for this kind of thing are quite different from your "real" signing keys.

Rpm (currently) uses the key set in %_gpg_name macro, in the form of "whatever gpg will recognize as a key identifier". 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2678#issuecomment-1738796258
Message ID: <rpm-software-management/rpm/issues/2678/1738796258 at github.com>
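The local-signing workflow the comment describes, as an added example that is not code from the rpm project or from the thread: point rpm's %_gpg_name macro at a throwaway local key, sign a freshly built package with it, and import the key so rpm -K passes without --nosignature. It assumes gpg, rpmsign and rpm are on PATH; the key ids and paths are placeholders you substitute.

```shell
#!/usr/bin/env bash
# Added example, not rpm project code. Assumes gpg, rpmsign and rpm
# are installed; key ids used below are constructed placeholders.
set -euo pipefail

# Set or replace the %_gpg_name line in a macros file (default ~/.rpmmacros).
# Idempotent: calling it again with a new key id replaces the old line
# instead of leaving two competing definitions behind.
set_gpg_name_macro() {
  local key_id="$1" macros="${2:-$HOME/.rpmmacros}"
  if [ -f "$macros" ]; then
    grep -v '^%_gpg_name' "$macros" > "$macros.tmp" || true
    mv "$macros.tmp" "$macros"
  fi
  printf '%%_gpg_name %s\n' "$key_id" >> "$macros"
}

# Print the key id currently configured in a macros file (empty if none).
get_gpg_name_macro() {
  local macros="${1:-$HOME/.rpmmacros}"
  [ -f "$macros" ] || return 0
  awk '/^%_gpg_name/ { print $2 }' "$macros" | tail -n 1
}

# Sign one package with the configured key and verify it the way an
# install would: import the local public key, then check signature+digest.
# $pubkey is the exported public key file for the %_gpg_name key.
sign_and_verify_rpm() {
  local pkg="$1" pubkey="$2"
  rpmsign --addsign "$pkg"
  rpm --import "$pubkey"   # trust only this local key for local installs
  rpm -K "$pkg"            # non-zero exit if signature or digest is bad
}
```

The signing helper deliberately runs rpmsign after the build rather than during it, which is the separation the comment gives as the reason the rpmbuild --sign option was removed.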