[Rpm-maint] [rpm-software-management/rpm] Help with rpm signing automation (Discussion #3827)
nishaanth-ms-21155
notifications at github.com
Mon Jun 23 05:11:47 UTC 2025
Hi all,
I'm working on automating RPM signing using a GPG key that is protected with a passphrase. I'm using the `rpm --addsign` command in a scripted environment.
I've already configured my ~/.rpmmacros as follows:
`%_gpg_name <Owner's name>`
However, when running:
`rpm --addsign mypackage.rpm`
…it still prompts interactively for the GPG passphrase, which blocks automation.
I'd like to sign the RPM non-interactively, ideally by passing the passphrase via an agent or through a programmatic mechanism. I've tried the following without success:
- Ensuring gpg-agent is running and caching the key.
- Using `--batch` or scripting around `expect` (not ideal).
- Setting environment variables like `GPG_TTY`.

Is there a recommended or secure way to fully automate `rpm --addsign` with a GPG key that has a passphrase?
Environment:
CentOS 10
(If it's achievable to create a yum repo and sign inside Ubuntu (where I build the app), that would be awesome. Please mention whether it's possible or not.)
Thanks in advance
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3827