rpm-list


Re: signing RPMs without a passphrase? Jeff Johnson Thu Oct 09 11:01:15 2008


On Oct 9, 2008, at 12:46 PM, Lev Lvovsky wrote:

Jeff,

On Oct 7, 2008, at 5:16 PM, Jeff Johnson wrote:

Well 2004 was a long time ago. Times have changed too ...

FWIW, rpm-5 uses keyutils to store passphrases.

Which means that it's possible to use keyutils to manage
a persistent session pass phrase, loaded before rpm is invoked,
and the passphrase will be passed to gpg for signing packages.

But you can attempt signing without a pass phrase if you want to.

In my excitement, I assumed a bit too much about the system that you've described - from the following rpm-devel thread:

http://rpm5.org/community/rpm-devel/1440.html

It looks like this implementation has been discussed, but I've not found any documentation on how to actually use it - is there any out there?


There's not much from an rpm POV to document.

The entire implementation is in rpmio/rpmku.c if interested.

If you are interested in a persistent session key, then you
need this configuration
        %_keyutils_keyring session
iirc.

Then use keyutils utilities to load the GPG password
into the keyutils retrieval token
        rpm:passwd

And it's up to the user to protect their keyutils session keyring
through whatever means they choose.

73 de Jeff

you need to change this macro:

thanks,
-lev

_______________________________________________
Rpm-list mailing list
[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/rpm-list
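
Added example, not part of the original thread and not rpm's own code: one way to load the passphrase into the session keyring under the rpm:passwd token described above, keeping it out of argv and limiting its lifetime. The key type "user", the 900-second timeout, the possessor-only permission mask and the function names are assumptions; check rpmio/rpmku.c for what your rpm build actually requests.

```shell
#!/bin/sh
# Added example. Assumes "%_keyutils_keyring session" is already set
# (e.g. in ~/.rpmmacros) and that the keyutils "keyctl" tool is installed.

KEY_DESC='rpm:passwd'   # retrieval token named in the thread
KEY_TYPE='user'         # assumption: generic keyutils "user" key type
KEY_TTL=900             # assumption: seconds until the kernel expires the key

# Read one line (the passphrase) from stdin and store it in the session
# keyring (@s). Prints the key serial number on success.
load_rpm_passphrase() {
    IFS= read -r pass || [ -n "$pass" ] || return 1
    # "keyctl padd" takes the payload on stdin, so the secret never shows
    # up in a process argument list; printf '%s' avoids storing a trailing
    # newline as part of the passphrase.
    key_id=$(printf '%s' "$pass" | keyctl padd "$KEY_TYPE" "$KEY_DESC" @s)
    rc=$?
    unset pass
    [ "$rc" -eq 0 ] || return 1
    # Possessor-only access: processes of the same UID that do not hold
    # this session keyring get no view/read/search rights.
    keyctl setperm "$key_id" 0x3f000000 || return 1
    # Let the kernel discard the passphrase once the signing window ends.
    keyctl timeout "$key_id" "$KEY_TTL" || return 1
    printf '%s\n' "$key_id"
}

# Remove the passphrase from the session keyring when signing is done.
drop_rpm_passphrase() {
    key_id=$(keyctl search @s "$KEY_TYPE" "$KEY_DESC") || return 0
    keyctl unlink "$key_id" @s
}

# Typical interactive use after sourcing this file:
#   stty -echo; load_rpm_passphrase; stty echo
#   ... run the rpm signing command ...
#   drop_rpm_passphrase
```

Anything that can join or inherit the session keyring can still read the key, so run the load and the signing from a dedicated session rather than a long-lived login shell.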
