#1 2021-12-13 16:05:02

Eile_Kerning
Member
Registered: 2021-12-13
Posts: 2

Signing Packages Unattended

Hi,
I've been trying to script package building and sign them with no user interaction. So far it has worked; however, makepkg still prompts for the passphrase to my key even though it is cached. After I cache it,

gpg --sign

doesn't prompt me for my passphrase, but makepkg still does, breaking my script.

gpg.conf

keyserver-options auto-key-retrieve
default-key [redacted]

gpg-agent.conf

allow-preset-passphrase
default-cache-ttl 34560000
maximum-cache-ttl 34560000

Here is the command I use to cache the packages:

echo (redacted passphrase) | /usr/lib/gnupg/gpg-preset-passphrase --preset (redacted key)

Can anyone provide any help? I'm not sure what I'm doing wrong here if

gpg --sign

works without a passphrase, but makepkg doesn't.

#2 2021-12-13 17:53:47

Alad
Wiki Admin/IRC Op
From: Bagelstan
Registered: 2014-05-04
Posts: 2,407

Re: Signing Packages Unattended

makepkg --sign used to be not functional at all (due to signing inside fakeroot), so you might side-step the issue by getting the package names from makepkg --packagelist (or using PKGDEST and a glob), and signing them manually.


Mods are just community members who have the occasionally necessary option to move threads around and edit posts. -- Trilby

#3 2021-12-13 23:08:04

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365

Re: Signing Packages Unattended

"used to be not functional" - key point is used to be...

#4 2021-12-14 13:57:37

Eile_Kerning
Member
Registered: 2021-12-13
Posts: 2

Re: Signing Packages Unattended

Alrighty, so I should just run gpg --sign on the packages and name the output to be *.pkg.tar.zst.sig? Also, this script is heavily using aurutils, so if there's an easier way to do this that I don't know about that'd be really helpful! Thanks for all of y'alls help though, it is very much appreciated.

Edit: Turns out the script isn't actually caching the passphrase, seems like I'm doing something wrong. That was probably why makepkg was prompting for input, not sure why GPG wasn't at that time, though.

Last edited by Eile_Kerning (2021-12-14 14:07:09)
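
The approach suggested in #2 (take the package paths from makepkg --packagelist and sign them outside makepkg), sketched as an added example that is not part of any post in this thread. It assumes the passphrase is already cached in gpg-agent; sign_packages, GPG and the key argument are names introduced here.

```shell
#!/bin/sh
# Added example: sign already-built packages non-interactively.
# GPG can be overridden to point at a different gpg binary (assumption of
# this sketch, not a makepkg or aurutils setting).
GPG=${GPG:-gpg}

# sign_packages KEY
# Reads package paths on stdin, one per line (the format printed by
# `makepkg --packagelist`), and writes a detached signature <package>.sig
# next to each file. Exit status is non-zero if any package is missing or
# could not be signed, so a calling script can stop instead of publishing
# unsigned packages.
sign_packages() (
    key=$1
    rc=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        if [ ! -f "$pkg" ]; then
            echo "not built, skipping: $pkg" >&2
            rc=1
            continue
        fi
        # --batch/--no-tty: never fall back to a terminal prompt.
        # --pinentry-mode error: if the passphrase is not in the agent's
        # cache, fail immediately instead of opening a pinentry dialog.
        # stdin is redirected so gpg cannot consume the package list.
        if ! "$GPG" --batch --no-tty --yes --pinentry-mode error \
                --local-user "$key" --detach-sign \
                --output "$pkg.sig" "$pkg" </dev/null; then
            echo "signing failed (passphrase not cached?): $pkg" >&2
            rm -f -- "$pkg.sig"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)

# Usage, from the directory containing the PKGBUILD:
#   makepkg --packagelist | sign_packages "<key id>"
```

Because of --pinentry-mode error, an empty agent cache shows up as a failed run with a message on stderr rather than a script that hangs on a prompt.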
