[Solved] Automate package creation with signatures

Gingko · 2016-02-01 08:28:13

Hello.

I am trying to develop a shell script for managing the process of generating or updating several packages and put them into a private unofficial repository.

I want my packages and my repository database to be signed, and the signature that I use needs a passphrase in order to be applied.

My problem is that this implies calling makepkg, repo-add and/or repo-remove multiple times across the script(s), thus making necessary to enter the passphrase on each call, this is very painful.

I would like to know how to use these pacman utilities (along possibly with others GPG utilities) into a script in such a way that I would have to enter the passphrase not more than once on each invocation of one of my scripts, and/or (better) not more than once all along my shell (bash) session?

I commonly use ssh-agent for a similar use, say using ssh several times across a shell session without entering a passphrase more than once.

I have a utility named gpg-agent that I suppose it is designed to do the same thing when using GPG signatures, but I don't know how to use it with pacman utilities (and actually I don't clearly understand how to use it at all ).

Please could somebody help me?

Regards,

Gingko

Last edited by Gingko (2016-02-02 07:20:07)

x33a · 2016-02-01 08:33:36

Look into keychain.

https://wiki.archlinux.org/index.php/SSH_keys#Keychain

Gingko · 2016-02-01 15:15:03

x33a wrote:

Look into keychain.
https://wiki.archlinux.org/index.php/SSH_keys#Keychain

I didn't know this one, thank you very much.

This will be very useful for me in the future.

... although actually this doesn't solve my problem, which is finding the correct way of using gpg-agent for signing pacman package.

But I think that I found why it wasn't working:
Due to an incorrect PATH environment, my gpg version wasn't matching the one of the gpg-agent that I am using.

Gingko

x33a · 2016-02-02 05:22:52

Actually keychain can work with gpg-agent too. I didn't notice that the Arch wiki page didn't mention that.

http://www.funtoo.org/Keychain

But, in any case, if you have solved your problem, then please mark your thread as solved.

Gingko · 2016-02-02 07:17:12

I know that keychain works with gpg-agent too.

But keychain is "only" a mean to have to enter a passphrase only once across multiple sessions whereas I was still expecting a way to use gpg-agent for entering it once inside a single session, and even inside a single bash script.

So for me it was "just" an eventual next step.

I will mark my thread as solved.

Thank you very much.

Gingko

Arch Linux

#1 2016-02-01 08:28:13

[Solved] Automate package creation with signatures

#2 2016-02-01 08:33:36

Re: [Solved] Automate package creation with signatures

#3 2016-02-01 15:15:03

Re: [Solved] Automate package creation with signatures

#4 2016-02-02 05:22:52

Re: [Solved] Automate package creation with signatures

#5 2016-02-02 07:17:12

Re: [Solved] Automate package creation with signatures

Board footer