tags:

views:

19

answers:

1
+1  Q: 

Using gpg to sign an RPM as part of a continous build - how do I avoid the prompt for the passphrase?

I have a continuous integration build system that generates an RPM via a shell script triggered by cron. I want to sign the RPM with gpg, but gpg insists on the user manually entering the passphrase at the console, which is clearly a non-starter since there is no user console for cron.

I have read about gpg-agent which will let you enter the passphrase once for the current login session, but again cron does not have a login session. What I would like is to be able to configure gpg-agent to accept the passphrase once at boot time and hand that to the cron session when needed. I have no idea if this is possible or not, and the docs for gpg-agent are fairly minimal.

The alternative would be to use expect to enter the passphrase when gpg asks for it, but clearly this is a big security hole since the passphrase will need to be included in the build script.

+1  A: 

You should start gpg-agent at start up and save the GPG_AGENT_INFO environment variable. Then you can set it up in your script's environment and should work as expected. Additionally, make sure permissions of the socket in GPG_AGENT_INFO allow your script to read it.

smmv  2010-10-11 16:20:58
Thanks, that is exactly what I am looking for. But how do you query or set the permissions on a socket?
Dave Kirby  2010-10-12 08:33:00
You set the permission as usual (chown on the path in GPG_AGENT_INFO). Then, if the environment variable is set, gpg should use it with no more action on your side. Note that I haven't tried this case, so let's see if it works ;)
smmv  2010-10-12 09:27:50

related questions

Which software to use for continuous integration of a Java web project
CruiseControl + Starteam: not picking up all files
Cruise Control and Obfuscation, How?
Does anyone know the CVS command line options to get the details of the last check in?
Build setup project with NAnt
Trac in a Scrum team : What are the best plugins / hacks ?
Cruise Control .Net vs Team Foundation Build
MSBuild ItemGroup, excluding .svn directories and files within
How do I use Nant/Ant naming patterns?
continuous integration web service
Can you do "builds" with PHP scripts or an interpreted language?
Daily Build
Recommendations regarding Continuous Integration systems
Hudson can't build my Maven 2 project because it says artifacts are missing from the repository? (they aren't)
Override Working Folder with Starteam/CruiseControl
What is the best way to setup an integration testing server?
CruiseControl.net duplicate NAnt timings
What's the best toolchain for Continuous Integration with C++?
Where to start with CruiseControl.NET
How do I integrate my continuous integration system with my bug tracking system?
Running xinc on OpenBSD's Apache Server
Pre-build task - deleting the working copy in CruiseControl.NET
Setting up Continuous Integration with SVN
Integrating Visual Studio Test Project with Cruise Control
Continuous Integration System for a Python Codebase