Steve Button asked:
I’m trying to sign yum repo metadata using GPG, as part of a Jenkins job. This is proving more difficult than I first imagined, but I’m sure lots of people must have done this already.
I’ve worked out that I can do it on the terminal using :-
gpg --detach-sign --armor --local-user "Our Team" repomd.xml
However this pops up a curses style window which asks for the key, and I’d like to automate this as part of the Jenkins job. I used expect for signing the actual RPMs, and that worked well but I don’t think I can do that with this gpg / curses method. Is there a way to tell gpg to just accept input from the keyboard and not pop up a text entry box? (I’ve been reading the man page, but it’s really massive and I’m getting stuck).
Will keep trying, but hopefully someone has already solved this?
The man page gives you several options for passing in the passphrase:
--passphrase-fd n Read the passphrase from file descriptor n. Only the first line will be read from file descriptor n. If you use 0 for n, the passphrase will be read from STDIN. This can only be used if only one passphrase is supplied. --passphrase-file file Read the passphrase from file file. Only the first line will be read from file file. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it. --passphrase string Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it.
I’m not sure why you mention accepting the passphrase from the keyboard when you want to automate signing packages. Nobody will be around, and there won’t be any keyboard. Your best bet is probably to use
--passphrase-fd and pass the passphrase in via a file descriptor, as womble mentioned in his comment.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.