Righty, I guess this is starting to take some shape finally. Up to now I've 
been thinking of autosigning on build if %_openpgp_sign_id (think old 
%_gpg_name) is set, but this is problematic in many ways: signing takes place 
after the build has completed, and the signing asks for a passphrase at the end 
of four hours of build... and if you happen to be around, and mistype the 
password, you basically lost the build for no good reason. This is a pretty 
terrible user experience in every way 😆

So I think the right thing to do is to have rpm always set up a passwordless, 
rpm-specific key that all completed builds are signed with. If the user wants 
to re-sign it with something else like their own personal key later, that's no 
different to what they'd be doing now, and no matter what your setup was, 
builds aren't disrupted by any silly password questions that really don't 
belong in the build stage in the first place. 

With that, we get verifiable packages out of the gate for the local builds 
use-case. Distros and such signing their packages is an entirely different 
case, that we're not disrupting with this AFAICS.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2678#issuecomment-2655712968