Gentoo's Portage: Best ways to keep binary package signing key unlocked?
Werner Koch
wk at gnupg.org
Thu Aug 31 16:35:13 CEST 2023
On Wed, 30 Aug 2023 11:54, Andrew Ammerlaan said:
> Signing /dev/null feels like more of a hack then an actual solution to
> keeping the key unlocked until portage finishes. Therefore I would
> like to ask you if you have any better ideas to do this?
Don't use a passphrase or better use remote signing from your desktop
and not on a server. See wiki.gnupg.org on how to use a remobe
gpg-agent.
Another option is to use gpg-preset-passphrase (installed to
libexec). Use
gpg -K --with-keygrip YOURSIGNINGKEY
to find the keygrip; then use
gpg-preset-passphrase --preset KEYGRIP
and enter the passphrase followed by a LF (or provide to stdin). This
puts the passphrase into gpg-agent's cache with no timeout. The --forget
option might not work right now, thus you better use
gpgconf --reload gpg-agent
to flush gpg-agent's cache.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230831/da9eb314/attachment-0001.sig>
More information about the Gnupg-users
mailing list