I have a continuous integration build system that generates RPMs through a shell script called by cron. I want to sign an RPM with gpg, but gpg insists that the user manually enter the passphrase on the console, which is clearly a non-starter, since there is no user console for cron.
I read about gpg-agent, which will allow you to enter a passphrase once for the current login session, but again cron does not have a login session. I would like to be able to configure gpg-agent to accept a passphrase once at boot time and transfer it to a cron session when necessary. I don’t know if this is possible or not, and the documentation for gpg-agent is pretty minimal.
An alternative would be to wait for a passphrase to be entered when gpg asks for it, but this is clearly a big security hole, as the passphrase should be included in the script assembly.