blogTILLuDROP

Whenever I do somethong new on Fedora, it is normally time to report some bugs and one import part of the bug report is to include the name-version-release string of the affected rpm package. To get this string easily, I created an alias for it:

alias nvr='/bin/rpm --qf '\''%{name}-%{version}-%{release}\n'\'' -q'

When I handle new bug reports, then I often need to request this information, because I handle several bug reports for components in Red Hat Bugzilla, where most reported bugs are there because of a bug iin some other package. E.g. people report bugs against radeontool, but it’s a bug of the radeon driver, which is included in xorg-x11-drv-ati. Therefore it would be nice if people would have this useful alias or shell script installed on their system, e.g. as rpm-nvr. Maybe I should create a package like rpm-query-scripts that also provide some other useful queries, e.g. for package reviews.

Since I started packaging, I was always annoyed by rpmbuild’s demand for it’s strange directory structure for input and output files. Therefore I wrote this little script to get a rpmbuild that uses the current directory for all these directories. Maybe there is one missing, because a recent rpm version now uses a BUILDROOT directory. Maybe one can define _buildrootdir for this, but I did not yet have any need for it.


$ cat rpmbuild-currentdir.sh
#! /bin/bash

/usr/bin/rpmbuild –define “_sourcedir .” –define “_rpmdir .” –define “_buildir .” –define “_srcrpmdir .” –define “_speccdir .” “$@”

Unfortunately I am not yet able to use my gpg key to create working signed rpms. But during debugging this I had to sign lots of test rpms nevertheless and enter a new password every time. Luckily during the debugging it became clear how to make rpm use the gpg-agent instead of passing the password via a file descriptor to gpg.

Thanks go to Jeff Johnson for motivating me to do this and telling me, that it is ok to modify %__gpg_sign_cmd. And also to Panu Matilainen for backing this up. I normally have a strong aversion against modifying macros that begin with two underlines, but with this encouragement it is not that bad. ;-)

That’s enough talk, here comes the code:

I added this to my ~/.rpmmacros file:

%__gpg_check_password_cmd /bin/true
%__gpg_sign_cmd %{__gpg} gpg --batch --no-verbose --no-armor --use-agent --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}

Now rpm will still ask for a password, but one can enter anything. If the gpg-agent needs a password to unlock a key, it will just fire up the pinentry command, which will then allow three password entry attempts by default. If entering an empty password for rpm is still too annyoing for you, Aaron Hawley described how to use expect to provide a password to rpm.