Hi!
Thanks for answering this... I used to have a script doing something
similar :-)
I guess this will help Allen.
-of
On 14.12.2010 08:43, Pierre Guillet wrote:
> Hi,
>
> I'm using Koji + sign_unsigned.py + mash to build RPMs on CentOS5
>
> I have modified sign_unsigned.py to manage the passphrase. If the option is
> not used, sign_unsigned.py gives an empty passphrase to the 'rpm --resign'
> command.
>
> Add the Python expect module in the import section (the pexpect RPM must
> be installed):
>
> import getpass
> +import pexpect
>
> Add the --passwd option in __init__() from SignUnsigned class:
>
> + self.parser.add_option("--passwd", action="store_true")
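Review bot: --passwd is declared with action="store_true", so self.options.passwd holds a boolean, and the later sendline("%s" % self.options.passwd) in do_signing() would send the text "True" instead of a passphrase. If the option is meant as a flag, prompt for the passphrase with getpass (already imported) when it is set and send that value; taking the passphrase as an option value instead would expose it in the process arguments. A help string on the option would also say which of the two is intended.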
>
> Replace these lines in do_signing()
>
> - # loop in case password is mistyped
> - while os.system(cmd):
> - # sleep briefly (give user a chance to ctrl-C)
> - time.sleep(2)
> + # Use expect to give the passphrase
> + # LANG=C to have english question 'pass phrase'
> + os.environ['LC_ALL'] = 'C'
> + child = pexpect.spawn(cmd)
> + # Wait for 'pass phrase'
> + child.expect('phrase:')
> + if not self.options.passwd:
> + child.sendline('\r')
> + else:
> + child.sendline("%s" % self.options.passwd)
> + child.expect(pexpect.EOF)
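Review bot: after child.expect(pexpect.EOF) the exit status of the rpm command is never checked, so a failed signing run goes unnoticed, whereas the removed "while os.system(cmd)" loop retried until the command succeeded. Call child.close() and test child.exitstatus, and handle pexpect.TIMEOUT on the 'phrase:' wait so a missing prompt produces a clear error. Two smaller points: sendline('\r') sends a carriage return in addition to the line ending that sendline appends, so sendline('') is the empty passphrase; and the comment says LANG=C while the code sets LC_ALL in os.environ for the whole process, which could be limited to the child through the env argument of pexpect.spawn.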
>
> Regards,
> Pierre
>
> 2010/12/14 Allen Hewes <[email protected]>
>
>
> >
> > Hi Allen!
> >
> > You might want to look at the following post:
> >
> > http://www.mail-archive.com/[email protected]/msg02187.html
> >
> > -of
>
> Hi Oliver,
>
> Thanks for the link. I had not come across this thread.
>
> It would appear that currently there isn't any method to sign RPMs
> within koji or mash. You can import prebuilt RPMs with signatures
> into Koji. I don't know much about importing RPMs into koji because
> I haven't had a need.
>
> Do the Fedora guys use the sign_unsigned.py script for the official
> Fedora yum repos? If so, how do they use mash? Because it looks to
> me that if you use this script, it does one of the steps mash does;
> fetching RPMs out of koji tags.
>
> I would have guessed that the Fedora guys generate their yum repos
> via mash from koji tags and then sign RPMs.
>
> I'd have to modify this script to suit my needs, but I think I could
> do it. It also looks like it relies on a newer version of RPM, the
> rpm command for key size == 4096 is one spot I noticed.
>
> Also, I have to enter a passphrase when I sign my RPMs but this
> script doesn't have any provisions for that. Is there a way to make
> rpm --resign not prompt for a passphrase?
>
> Has there been any talk about adding RPM signing to mash? It seems
> like that'd be a good place for it.
>
> Thanks,
>
> /allen
> --
> buildsys mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/buildsys