How can I automate rpmbuild with signing in python?

Question

Normally you can automate answers to an interactive prompt by piping stdin:

import subprocess as sp

cmd = 'rpmbuild --sign --buildroot {}/BUILDROOT -bb {}'.format(TMPDIR, specfile)
p = sp.Popen(cmd, stdout=sp.PIPE, stderr=sp.PIPE, stdin=sp.PIPE, universal_newline=True, shell=True)

for out in p.communicate(input='my gpg passphrase\n'):
    print(out)

For whatever reason, this is not working for me. I've tried writing to p.stdin , before executing p.communicate() , I've tried flushing the buffer, I've tried using bytes without universal_newlines=True , I've hard coded things, etc. In all scenarios, the command is executed and hangs on:

Enter pass phrase: 

My first hunch was that stdin was not the correct file descriptor and that rpmbuild was internally calling a gpg command, and maybe my input isn't piped. But when I do p.stdin.close() I get an OSerror about subprocess trying to write to the closed descriptor.

What is the rpmbuild command doing to stdin that prevents me from writing to it?

Is there a hack I can do? I tried echo "my passphrase" | rpmbuild .... echo "my passphrase" | rpmbuild .... as the command but that doesn't work.

I know I can do something with gpg like command and sign packages without a passphrase but I kind of want to avoid that.

EDIT:

After some more reading, I realize this is issue is common to commands that require password input, typically using a form of getpass .

I see a solution would be to use a library like pexpect , but I want something from the standard library. I am going to keep looking, but I think maybe i can try writing to something similar /dev/tty .

Answer 1

rpm uses getpass(3) which reopens /dev/tty.

There are 2 approaches to automating: 1) create a pseudotty 2) (linux) find the reopened file descriptor in /proc

If scripting, expect(1) has (or had) a short example with pseudotty's that can be used.