Hi,
I've been trying to script package building and sign them with no user interaction. So far it has worked, however, makepkg still prompts for the passphrase to my key even though it is cached. After I cache it,
gpg --sign
doesn't prompt me for my passphrase, but makepkg still does, breaking my script.
gpg.conf
keyserver-options auto-key-retrieve
default-key [redacted]
gpg-agent.conf
allow-preset-passphrase
default-cache-ttl 34560000
maximum-cache-ttl 34560000
Here is the command I use to cache the packages:
echo (redacted passphrase) | /usr/lib/gnupg/gpg-preset-passphrase --preset (redacted key)
Can anyone provide any help? I'm not sure what I'm doing wrong here if
gpg --sign
works without a passphrase, but makepkg doesn't.
makepkg --sign used to be not functional at all (due to signing inside fakeroot), so you might side-step the issue by getting the package names from makepkg --packagelist (or using PKGDEST and a glob), and signing them manually.
Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby
"used to be not functional" - key point is used to be...
Alrighty, so I should just run gpg --sign on the packages and name the output to be *.pkg.tar.zst.sig? Also, this script is heavily using aurutils, so if there's an easier way to do this that I don't know about that'd be really helpful! Thanks for all of y'alls help though, it is very much appreciated.
Edit: Turns out the script isn't actually caching the passphrase, seems like I'm doing something wrong. That was probably why makepkg was prompting for input, not sure why GPG wasn't at that time, though.
Last edited by Eile_Kerning (2021-12-14 14:07:09)
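The two steps discussed in this thread, presetting the passphrase and signing the built packages by hand, as an added example that is not code from any poster. gpg-preset-passphrase takes a keygrip as its cache ID, so the script derives the signing keygrips from gpg's colon listing; the function names and the sample listing are constructed for illustration.

```shell
# Added example (hypothetical helper names), not code from the thread.
# Print the keygrip of each usable signing (sub)key. Input is the output of
# `gpg --with-colons --with-keygrip --list-secret-keys KEY`: in sec/ssb records
# field 2 is validity (e = expired, r = revoked) and field 12 the capabilities
# (lowercase s = this key signs); field 10 of the next grp record is the keygrip.
signing_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { want = ($12 ~ /s/ && $2 !~ /^[er]$/) }
        $1 == "grp" && want        { print $10; want = 0 }
    '
}

# Preset the passphrase (first line of stdin, so it never appears in argv) for
# every signing keygrip. Needs allow-preset-passphrase in gpg-agent.conf.
preset_signing_key() {   # usage: preset_signing_key KEYID < passphrase-file
    local key=$1 pass grip
    IFS= read -r pass
    gpg --batch --with-colons --with-keygrip --list-secret-keys "$key" |
        signing_keygrips |
        while IFS= read -r grip; do
            printf '%s\n' "$pass" |
                /usr/lib/gnupg/gpg-preset-passphrase --preset "$grip" || exit 1
        done
}

# Write a detached binary signature next to each built package. With
# --pinentry-mode error gpg fails instead of prompting if nothing is cached.
sign_built_packages() {  # usage: sign_built_packages KEYID
    local key=$1 pkg
    makepkg --packagelist | while IFS= read -r pkg; do
        [ -f "$pkg" ] || continue   # listed but not built
        gpg --batch --yes --pinentry-mode error --local-user "$key" \
            --detach-sign --no-armor --output "$pkg.sig" "$pkg" </dev/null || exit 1
    done
}

# Constructed colon listing (not real key material) for trying the parser.
sample_listing() {
    cat <<'EOF'
sec:u:255:22:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:255:18:BBBBBBBBBBBBBBBB:1600000000::::::e:
grp:::::::::2222222222222222222222222222222222222222:
ssb:r:255:22:CCCCCCCCCCCCCCCC:1600000000::::::s:
grp:::::::::3333333333333333333333333333333333333333:
ssb:u:255:22:DDDDDDDDDDDDDDDD:1600000000::::::s:
grp:::::::::4444444444444444444444444444444444444444:
EOF
}
```

Running `sample_listing | signing_keygrips` shows the parser on its own, without touching a real keyring.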