CentOS - May 2011 - Passing password to script for rpmsign of list of .rpm files

I am trying to automatize signing of unsigned .rpm files. My repo has at 
least 50 x 3 packages.

But I would have to type numerous passwords for each file. I can not see 
hot to pass pass phrase to script.

rpmsign --resign {--pass=??} <filename from list> ????

Can someone advise me how to do that?

Ljubomir

On Fri, 20 May 2011, Ljubomir Ljubojevic wrote:
> I am trying to automatize signing of unsigned .rpm files. My repo has at
> least 50 x 3 packages.
>
> But I would have to type numerous passwords for each file. I can not see
> hot to pass pass phrase to script.
>
> rpmsign --resign {--pass=??} <filename from list> ????
>
> Can someone advise me how to do that?
http://www.karan.org/blog/index.php/2011/05/06/sign-multiple-rpms-with-one-command

jh

On Fri, 20 May 2011, Ljubomir Ljubojevic wrote:
> To: CentOS mailing list <centos at centos.org>
> From: Ljubomir Ljubojevic <office at plnet.rs>
> Subject: [CentOS] Passing password to script for rpmsign of list of .rpm
files
> 
> I am trying to automatize signing of unsigned .rpm files. My repo has at
> least 50 x 3 packages.
>
> But I would have to type numerous passwords for each file. I can not see
> hot to pass pass phrase to script.
>
> rpmsign --resign {--pass=??} <filename from list> ????
>
> Can someone advise me how to do that?
>
Hi Ljubomir.

Not sure if this would work for signing packages, but I use 
this script to start all services listed in a text file:

#!/bin/bash

# Start all services on machine

echo
echo 
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
echo "Running script: $0"
echo 
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
echo

# start all services listed in service-names
xargs -a ./service-names -i chkconfig --level 2345 {} on

# list the status of services in service-names file
echo "All services are now turned on (all those listed in 
service-names file)
"
echo "for run levels 2345"
echo
xargs -a ./service-names -i chkconfig --list {}
echo

exit 0

You may be able to modify the above script to do what you 
need it to. xargs is in the findutils package:

Name       : findutils
Arch       : i386
Epoch      : 1
Version    : 4.2.27
Release    : 6.el5
Size       : 662 k
Repo       : installed
Summary    : The GNU versions of find utilities (find and xargs).
URL        : http://www.gnu.org/software/findutils/
License    : GPL

Description: The findutils package contains programs which 
will help you locate files on your system.  The find utility 
searches through a hierarchy of directories looking for 
files which match a certain set of criteria (such as a 
filename pattern).  The xargs utility builds and executes 
command lines from standard input arguments (usually lists 
of file names generated by the find command).

HTH

Kind Regards,

Keith

-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------

Marian Marinov wrote:
> 
> You should also check this:
> 
> http://blogs.23.nu/till/2008/12/rpm-addsign-with-gpg-agent/
> 
I am not really trilled by entering blank passwords.

Anyhow, I have developed nice script for automatic signing of (--addsign
= only unsigned, --resign = all) rpm's.

Features:
1) It supports subdirectories of unlimited? depth.
2) Password is only asked once.
3) Timestamps are preserved.
4) Script outputs check of rpm's together with active GPG Key ID and
time of signing. Useful for final check and logging.

I hope this script will find good use for rpm packagers.

I named the script "rpm-autosign".

NOTICE: I forgot to filter only files so I had to change code. Improved is:

Code:

#!/bin/bash

# Author Ljubomir Ljubojevic <office at plnet dot rs>

for i in $(find . -type f | grep .rpm); do
    touch -r "$i" "$i.zzz"
done

#rpmsign --resign `find . | grep .rpm | grep -v .zzz`
rpmsign --addsign `find . -type f | grep .rpm | grep -v .zzz`

for i in $(find . -type f | grep .rpm | grep -v .zzz); do
    touch -r "$i.zzz" "$i"
done

for i in $(find . -type f | grep .zzz); do
    rm -f "$i"
done

#rpmsign --checksig `find . | grep .rpm`

rpm -qp `find . -type f | grep .rpm` --qf='%-{NAME} %{BUILDHOST} 
%{PACKAGER} %{SIGGPG:pgpsig} \n'
Notice that last line is broken in two by mail client.

Ljubomir