Automated rpm resigning using GPG key with passphrase

Sometimes you want to sign multiple RPMs with your custom GPG key using a script.
But what if your GPG key has a passphrase? (which it should)
You probably don´t want to sit by the keyboard and enter the passphrase for each RPM.

This is simpler approach than using gpg-agent, a bash function that uses expect to send the passphrase to the rpm command.

function resignrpm {
  expect << EOF
spawn rpm --resign $myrpm
match_max 100000
expect "Enter pass phrase:"
send -- "$PASSPHRASE\n"
expect "*#"

Note: The function doesn´t check the exit status from the rpm command, it will always return 0 …

Leave a Reply

Your email address will not be published. Required fields are marked *