如何在不输入密码的情况下签署 rpm 包?
How to sign a rpm package without typing password?
我正在尝试对使用 GPG 创建的 RPM 包进行签名而不输入密码,输入我可以签名的密码,但是不输入密码会打开消息框 Please enter the passphrase to unlock the OpenPGP secret key,我需要密码签署包时不会被请求,因为这将是一个在“静默模式”下执行的脚本。我可能有错误的命令,但我很难找到解决方案。
这是我要执行的命令,即使这样也要求输入密码:
gpg --batch --passphrase "78910" --clearsign test-1-0.x86_64.rpm
第二个命令不需要密码:
echo "78910" | gpg --batch --passphrase-fd 0 --clearsign test-1-0.x86_64.rpm
但是,签名没有执行,returns错误描述如下:
gpg: signing failed: Inappropriate ioctl for device gpg: /test-1-0.x86_64.rpm: clear-sign failed: Inappropriate ioctl for device
使用第三个命令,报告的错误不同:
echo "78910" | gpg --batch --passphrase-fd 0 ~/.gnupg/trustdb.gpg --clearsign test-1-0.x86_64.rpm
错误信息:
gpg: Note: '--clearsign' is not considered an option gpg: WARNING: no command supplied. Trying to guess what you mean ... usage: gpg [options] [filename]
这是我创建 gpg 密钥的代码,我尝试在没有密码的情况下创建,但是当密码值为空时我收到错误消息。
#!/bin/bash
echo "Key-Type: 1" > gen-key-script
echo "Key-Length: 1024" >> gen-key-script
echo "Subkey-Type: 1" >> gen-key-script
echo "Subkey-Length: 1024" >> gen-key-script
echo "Name-Real: gpg test" >> gen-key-script
echo "Name-Email: test@test.com" >> gen-key-script
echo "Expire-Date: 0" >> gen-key-script
echo "Passphrase: 78910" >> gen-key-script
echo "" >> gen-key-script
#---------------------------------------------------------
# GENERATE THE KEY
#---------------------------------------------------------
gpg --batch --gen-key gen-key-script
#---------------------------------------------------------
# .RPMMACROS
#---------------------------------------------------------
echo "%_gpg_name gpg test <test@test.com>" > ~/.rpmmacros
如果您不想输入密码,则需要将您的私钥存储在磁盘上而不受密码保护。这意味着有权访问密钥文件的每个人都可以签署您的包。决定你是否想要那个。
如果你不想保护密钥使用%no-protection,像这样:
echo "%no-protection" > gen-key-script
echo "Key-Type: 1" >> gen-key-script
echo "Key-Length: 1024" >> gen-key-script
echo "Subkey-Type: 1" >> gen-key-script
echo "Subkey-Length: 1024" >> gen-key-script
echo "Name-Real: gpg test" >> gen-key-script
echo "Name-Email: test@test.com" >> gen-key-script
echo "Expire-Date: 0" >> gen-key-script
echo "" >> gen-key-script
如果您的 GPG 密码为空:
我知道这个回答有点晚了,但它对我来说效果最好,因为我没有 GPG 密码(空密码)。您可以实施一些技术来在 CLI 上安全地传递它而无需键入它,无论如何您的密码都是空的我认为这是一个很好的解决方案。
echo "" | setsid rpmbuild -bb --sign <filename>.spec
来源:https://rpm-list.redhat.narkive.com/7hkHM9bp/signing-rpms-without-a-passphrase#post4
我正在尝试对使用 GPG 创建的 RPM 包进行签名而不输入密码,输入我可以签名的密码,但是不输入密码会打开消息框 Please enter the passphrase to unlock the OpenPGP secret key,我需要密码签署包时不会被请求,因为这将是一个在“静默模式”下执行的脚本。我可能有错误的命令,但我很难找到解决方案。
这是我要执行的命令,即使这样也要求输入密码:
gpg --batch --passphrase "78910" --clearsign test-1-0.x86_64.rpm
第二个命令不需要密码:
echo "78910" | gpg --batch --passphrase-fd 0 --clearsign test-1-0.x86_64.rpm
但是,签名没有执行,returns错误描述如下:
gpg: signing failed: Inappropriate ioctl for device gpg: /test-1-0.x86_64.rpm: clear-sign failed: Inappropriate ioctl for device
使用第三个命令,报告的错误不同:
echo "78910" | gpg --batch --passphrase-fd 0 ~/.gnupg/trustdb.gpg --clearsign test-1-0.x86_64.rpm
错误信息:
gpg: Note: '--clearsign' is not considered an option gpg: WARNING: no command supplied. Trying to guess what you mean ... usage: gpg [options] [filename]
这是我创建 gpg 密钥的代码,我尝试在没有密码的情况下创建,但是当密码值为空时我收到错误消息。
#!/bin/bash
echo "Key-Type: 1" > gen-key-script
echo "Key-Length: 1024" >> gen-key-script
echo "Subkey-Type: 1" >> gen-key-script
echo "Subkey-Length: 1024" >> gen-key-script
echo "Name-Real: gpg test" >> gen-key-script
echo "Name-Email: test@test.com" >> gen-key-script
echo "Expire-Date: 0" >> gen-key-script
echo "Passphrase: 78910" >> gen-key-script
echo "" >> gen-key-script
#---------------------------------------------------------
# GENERATE THE KEY
#---------------------------------------------------------
gpg --batch --gen-key gen-key-script
#---------------------------------------------------------
# .RPMMACROS
#---------------------------------------------------------
echo "%_gpg_name gpg test <test@test.com>" > ~/.rpmmacros
如果您不想输入密码,则需要将您的私钥存储在磁盘上而不受密码保护。这意味着有权访问密钥文件的每个人都可以签署您的包。决定你是否想要那个。
如果你不想保护密钥使用%no-protection,像这样:
echo "%no-protection" > gen-key-script
echo "Key-Type: 1" >> gen-key-script
echo "Key-Length: 1024" >> gen-key-script
echo "Subkey-Type: 1" >> gen-key-script
echo "Subkey-Length: 1024" >> gen-key-script
echo "Name-Real: gpg test" >> gen-key-script
echo "Name-Email: test@test.com" >> gen-key-script
echo "Expire-Date: 0" >> gen-key-script
echo "" >> gen-key-script
如果您的 GPG 密码为空:
我知道这个回答有点晚了,但它对我来说效果最好,因为我没有 GPG 密码(空密码)。您可以实施一些技术来在 CLI 上安全地传递它而无需键入它,无论如何您的密码都是空的我认为这是一个很好的解决方案。
echo "" | setsid rpmbuild -bb --sign <filename>.spec
来源:https://rpm-list.redhat.narkive.com/7hkHM9bp/signing-rpms-without-a-passphrase#post4