Thanks Ken, I am not sure either. I have 150+ packages I would like to install on production via RPMs and it would be nice to automate this rather than doing this manually. If it could be implemented through some configuration or environment variable that would be good.
Maybe set EASYBUILD_GPG_KEY="xxxxxx" that could be used. Possibly use rpmbuild -sign option, not sure if fpm can handle this in EasyBuild. See https://github.com/jordansissel/fpm/issues/141 From: [email protected] [mailto:[email protected]] On Behalf Of Kenneth Hoste Sent: Monday, April 3, 2017 2:35 PM To: [email protected] Subject: Re: [easybuild] GPG signing RPM in EasyBuild On 03/04/2017 18:23, Siddiqui, Shahzeb wrote: Can we add the -rpm-sign feature to EasyBuild. It would also need a means to import gpg key. Similar to github token, if there is a flag -gpg-key you can set the key and rpmsign will take care of the rest. Yea, --package-tool-option would work fine so long as it has a some way to address the issue. You can merge the release and few other options in this option It could be like package-tool-options = {gpg-key: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', release: '1' } Support for using eb --package-tool-options="--rpm-sign 'xxx' " is implemented in https://github.com/hpcugent/easybuild-framework/pull/2187<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_hpcugent_easybuild-2Dframework_pull_2187&d=DwMD-g&c=UE1eNsedaKncO0Yl_u8bfw&r=RMJdCm7m5fiPWhajwKUnEW5yn4eK2YdUWW-MLVShghg&m=njwkluh-wypuGv2_GT9dQf_isF24y1rirpnL0RkPr1U&s=DH9OvxauQKGVKct3yDLCVFOLRgUC-bhWMMd1Abu6_kg&e=> . This doesn't include support for something like --gpg-key though, I'm not sure if something like that would make sense, i.e. if it's EasyBuild responsibility to keep a GPG key safe... K. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kenneth Hoste Sent: Monday, April 3, 2017 12:10 PM To: [email protected]<mailto:[email protected]> Subject: Re: [easybuild] GPG signing RPM in EasyBuild Hi Shahzeb, On 03/04/2017 17:24, Siddiqui, Shahzeb wrote: Hello, I want to find out if its possible to add a GPG signature to RPM via FPM. If so, I would like to utilize this feature. Not yet, it would require support for pass --rpm-sign to the fpm command, cfr. https://github.com/jordansissel/fpm/pull/311<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_jordansissel_fpm_pull_311&d=DwMD-g&c=UE1eNsedaKncO0Yl_u8bfw&r=RMJdCm7m5fiPWhajwKUnEW5yn4eK2YdUWW-MLVShghg&m=US9RgPiNDPNpBR31rvQcvec4fCJ-TiXMpRgT4PYhYk4&s=zYl-9-X547OnK6I8DGUuE6vd71BULB7VLFvg5c8b3cQ&e=> . As a more general solution, it would probably make sense to support a more general configuration setting like --package-tool-options, or something like that... regards, Kenneth
