Automated rpm resigning using GPG key with passphrase

Sometimes you want to sign multiple RPMs with your custom GPG key using a script.
But what if your GPG key has a passphrase (which it should)?
You probably don't want to sit by the keyboard and enter the passphrase for each RPM.

This is a simpler approach than using gpg-agent: a bash function that uses expect to send the passphrase to the rpm command.

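function resignrpm {
  # Usage: resignrpm <package.rpm>
  local myrpm=$1

  # Clear-text passphrase: keep this script readable by its owner only.
  local PASSPHRASE="MySecretPassphrase"

  # Unquoted heredoc: the shell substitutes $myrpm and $PASSPHRASE before
  # expect reads the script. The final expect waits for output ending in "#";
  # the wait also ends when rpm exits (EOF).
  expect << EOF
spawn rpm --resign $myrpm
match_max 100000
expect "Enter pass phrase:"
send -- "$PASSPHRASE\n"
expect "*#"
EOF
}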

Note: The function doesn't check the exit status of the rpm command; it will always return 0 …
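
A variant that closes the gap named in the note, as an added example that is not part of the original post: it returns rpm's failure to the caller and takes the passphrase from the environment instead of a literal in the script. The function name, the return codes and the variable name RPM_GPG_PASSPHRASE are assumptions; the prompt text is the one the original function waits for.

```shell
# Added example: resign one RPM and report failure to the caller.
# RPM_GPG_PASSPHRASE is an assumed variable name, set by the caller.
resignrpm_checked() {
  [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
  [ -n "${RPM_GPG_PASSPHRASE:-}" ] || { echo "RPM_GPG_PASSPHRASE is not set" >&2; return 3; }
  command -v expect >/dev/null 2>&1 || { echo "expect is not installed" >&2; return 4; }

  # Quoted heredoc: the shell expands nothing, so Tcl reads both values from
  # the environment and special characters in them are never re-parsed.
  RPM_FILE="$1" RPM_GPG_PASSPHRASE="$RPM_GPG_PASSPHRASE" expect <<'EOF' || return 5
set timeout 60
spawn rpm --resign $env(RPM_FILE)
expect {
    "Enter pass phrase:" { send -- "$env(RPM_GPG_PASSPHRASE)\r" }
    timeout { exit 1 }
    eof { exit 1 }
}
expect {
    timeout { exit 1 }
    eof
}
# wait returns {pid spawn_id os_error exit_status}; pass rpm's status on.
exit [lindex [wait] 3]
EOF

  # Confirm rpm accepts the new signature (the public key must already be
  # imported into the rpm keyring for this check to pass).
  rpm --checksig "$1" >/dev/null || return 6
}
```

In a loop, stop on the first failure: `for f in *.rpm; do resignrpm_checked "$f" || break; done`.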
