
Re: signing RPMs without a passphrase? Jeff Johnson Thu Oct 09 11:01:15 2008

On Oct 9, 2008, at 12:46 PM, Lev Lvovsky wrote:


On Oct 7, 2008, at 5:16 PM, Jeff Johnson wrote:

Well 2004 was a long time ago. Times have changed too ...

FWIW, rpm-5 uses keyutils to store passphrases.

Which means that it's possible to use keyutils to manage
a persistent session pass phrase, loaded before rpm is invoked,
and the passphrase will be passed to gpg for signing packages.

But you can attempt signing without a pass phrase if you want to.

In my excitement, I assumed a bit too much about the system that you've described - from the following rpm-devel thread:


It looks like this implementation has been discussed, but I've not found any documentation on how to actually use it - is there any out there?

There's not much from an rpm POV to document.

The entire implementation is in rpmio/rpmku.c if interested.

If you are interested in a persistent session key, then you
need this configuration
        %_keyutils_keyring session

Then use keyutils utilities to load the GPG password
into the keyutils retrieval token

And it's up to the user to protect their keyutils session keyring
through whatever means they choose.

73 de Jeff
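
An added example (not from the original post or from rpm itself) of the loading step described above, using the `keyctl` tool from keyutils. The key description is a placeholder, because the name rpm looks up is not given in the post (it would come from rpmio/rpmku.c); the timeout and permission mask are assumed values.

```shell
#!/bin/sh
# Load a signing passphrase into the keyutils session keyring, with an expiry.
# KEY_DESC is a PLACEHOLDER: the description rpm searches for is not stated in
# the post; take it from rpmio/rpmku.c before using this.
KEY_DESC="${KEY_DESC:-PLACEHOLDER-key-description}"
KEY_TTL="${KEY_TTL:-900}"      # assumed: seconds until the kernel expires the key
KEY_PERM="0x3f000000"          # possessor: all rights; user/group/other: none

load_passphrase() {
    # Read one line from stdin so the passphrase never appears in argv
    # (and therefore not in ps output or shell history).
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r pp || true
    if [ -t 0 ]; then stty echo; fi
    [ -n "$pp" ] || return 1
    # printf is a shell builtin; '%s' avoids storing a trailing newline,
    # which would otherwise become part of the passphrase handed to gpg.
    key_id=$(printf '%s' "$pp" | keyctl padd user "$KEY_DESC" @s) || return 1
    unset pp
    # Drop the default "view" right for other processes of the same user,
    # then let the key expire on its own if it is forgotten.
    keyctl setperm "$key_id" "$KEY_PERM" || return 1
    keyctl timeout "$key_id" "$KEY_TTL" || return 1
    printf '%s\n' "$key_id"
}

drop_passphrase() {
    # Remove the key from the session keyring once signing is finished.
    key_id=$(keyctl search @s user "$KEY_DESC" 2>/dev/null) || return 0
    keyctl unlink "$key_id" @s >/dev/null
}

# When run as a script: "load" reads the passphrase from stdin, "drop" removes it.
case "${1:-}" in
    load) load_passphrase ;;
    drop) drop_passphrase ;;
esac
```

The key lives in the session keyring of the shell that loaded it, so rpm has to be started from that same session with `%_keyutils_keyring session` set.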

you need to change this macro:


Rpm-list mailing list