How to sign a rpm package without typing password?

I am trying to sign an RPM package that I created using GPG without typing the password. If I type the password I can sign; however, without typing it, a message box opens with "Please enter the passphrase to unlock the OpenPGP secret key". I need the password not to be requested when signing the package, as this will be a script executed in "silent mode". I probably have the wrong command, but I'm having a hard time finding the solution.

This is the command I am trying to execute, and even then the password is requested:

gpg --batch --passphrase "78910" --clearsign test-1-0.x86_64.rpm

With this second command, the password is not requested:

echo "78910" | gpg --batch --passphrase-fd 0 --clearsign test-1-0.x86_64.rpm

However, the signature is not performed and returns the error described below:

gpg: signing failed: Inappropriate ioctl for device
gpg: /test-1-0.x86_64.rpm: clear-sign failed: Inappropriate ioctl for device

With this third command, the reported error is different:

echo "78910" | gpg --batch --passphrase-fd 0 ~/.gnupg/trustdb.gpg --clearsign test-1-0.x86_64.rpm

Error message:

gpg: Note: '--clearsign' is not considered an option
gpg: WARNING: no command supplied. Trying to guess what you mean ...
usage: gpg [options] [filename]

This is my code to create the GPG key. I tried to create it without a password, but I receive an error when the password value is empty.

#!/bin/bash
echo "Key-Type: 1" > gen-key-script
echo "Key-Length: 1024" >> gen-key-script
echo "Subkey-Type: 1" >> gen-key-script
echo "Subkey-Length: 1024" >> gen-key-script
echo "Name-Real: gpg test" >> gen-key-script
echo "Name-Email: test@test.com" >> gen-key-script
echo "Expire-Date: 0" >> gen-key-script
echo "Passphrase: 78910" >> gen-key-script
echo "" >> gen-key-script

#---------------------------------------------------------
# GENERATE THE KEY
#---------------------------------------------------------
gpg --batch --gen-key gen-key-script

#---------------------------------------------------------
# .RPMMACROS
#---------------------------------------------------------
echo "%_gpg_name gpg test <test@test.com>" > ~/.rpmmacros

In case your GPG passphrase is empty:

I am aware this is a bit of a late answer, but it works best for me since I don't have a GPG passphrase (empty passphrase). You can implement some techniques to pass it securely on the CLI without typing it; anyway, if you have an empty passphrase I think this is a good solution.

echo "" | setsid rpmbuild -bb --sign <filename>.spec

SOURCE: https://rpm-list.redhat.narkive.com/7hkHM9bp/signing-rpms-without-a-passphrase#post4

If you don't want to type the password you'll need to store your private key on disk without being protected by a password. That means that everybody who has access to the key file can sign your packages. Decide if you want that.


If you don't want to protect the key use %no-protection, like this:

echo "%no-protection" > gen-key-script
echo "Key-Type: 1" >> gen-key-script
echo "Key-Length: 1024" >> gen-key-script
echo "Subkey-Type: 1" >> gen-key-script
echo "Subkey-Length: 1024" >> gen-key-script
echo "Name-Real: gpg test" >> gen-key-script
echo "Name-Email: test@test.com" >> gen-key-script
echo "Expire-Date: 0" >> gen-key-script
echo "" >> gen-key-script
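
Added example, not part of the original answers: the unprotected-key approach above carried through to an actual RPM signature, with the key held in a dedicated owner-only keyring because anyone who can read it can sign. The keyring location, the 3072-bit sign-only RSA key (the page's script uses 1024-bit), the output file names and the `--sign` argument are assumptions of this example; `rpm --addsign`, `%_gpg_path` and `%_gpg_name` are rpm's own.

```bash
#!/bin/bash
# Added example, not from the thread. Keyring path and key size are assumptions.
set -e

KEY_UID='gpg test <test@test.com>'   # identity used by the page's key script

# Write unattended key parameters. %no-protection means no passphrase,
# so the file is written owner-only (umask 077) next to the keyring.
write_key_params() {   # $1 = output file
    ( umask 077; rm -f "$1"
      cat > "$1" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Name-Real: gpg test
Name-Email: test@test.com
Expire-Date: 0
EOF
    )
}

# Point rpm at the dedicated keyring rather than the default ~/.gnupg.
write_rpmmacros() {    # $1 = macros file, $2 = keyring directory
    printf '%%_gpg_path %s\n%%_gpg_name %s\n' "$2" "$KEY_UID" > "$1"
}

# Unattended flow: create the key once, configure rpm, sign, confirm.
sign_rpm() {           # $1 = keyring directory, $2 = package.rpm
    mkdir -p "$1" && chmod 700 "$1"
    if ! gpg --homedir "$1" --list-secret-keys "$KEY_UID" >/dev/null 2>&1; then
        write_key_params "$1/gen-key-script"
        gpg --homedir "$1" --batch --gen-key "$1/gen-key-script"
    fi
    # Public key for consumers to import with "rpm --import".
    gpg --homedir "$1" --export --armor "$KEY_UID" > "$1/RPM-GPG-KEY-test"
    write_rpmmacros "$HOME/.rpmmacros" "$1"   # overwrites, as the page's script does
    rpm --addsign "$2"
    # A signed package shows a Key ID; an unsigned one shows "(none)".
    rpm -qpi "$2" | grep -i '^Signature.*Key ID'
}

# Run only when asked: ./sign.sh --sign /path/to/keyring package.rpm
if [ "${1:-}" = "--sign" ]; then sign_rpm "$2" "$3"; fi
```

Restrict the keyring directory to the account that runs the build, since possession of it is the only thing standing between a reader and a valid signature.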
