Gentoo's Portage: Best ways to keep binary package signing key unlocked?

Werner Koch wk at gnupg.org
Thu Aug 31 16:35:13 CEST 2023


On Wed, 30 Aug 2023 11:54, Andrew Ammerlaan said:

> Signing /dev/null feels like more of a hack than an actual solution to
> keeping the key unlocked until portage finishes. Therefore I would
> like to ask you if you have any better ideas to do this?

Don't use a passphrase or better use remote signing from your desktop
and not on a server.  See wiki.gnupg.org on how to use a remote
gpg-agent.

Another option is to use gpg-preset-passphrase (installed to
libexec). Use

  gpg -K --with-keygrip YOURSIGNINGKEY

to find the keygrip; then use

  gpg-preset-passphrase --preset KEYGRIP

and enter the passphrase followed by a LF (or provide to stdin).  This
puts the passphrase into gpg-agent's cache with no timeout.  The --forget
option might not work right now, thus you better use

  gpgconf --reload gpg-agent

to flush gpg-agent's cache.


Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
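
[Added example, not part of Werner's message and not GnuPG or Portage code.] The keygrip lookup, preset and flush steps above as one script that picks only the signing-capable, non-revoked, non-expired keys from the colon listing. The function names and the sample listing are constructed for illustration; it assumes gpg-agent.conf contains `allow-preset-passphrase`, which gpg-agent requires before it accepts a preset.

```shell
#!/bin/sh
# Added illustration; all function names here are hypothetical.

# Read `gpg -K --with-colons --with-keygrip` output on stdin and print the
# keygrip of every secret key or subkey that can sign.
signing_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            # field 12: capabilities of this key (lowercase s = sign)
            # field 2:  validity (r = revoked, e = expired)
            want = ($12 ~ /s/ && $2 !~ /[re]/)
        }
        # the grp record that follows carries the keygrip in field 10
        $1 == "grp" { if (want) print $10; want = 0 }
    '
}

# Constructed sample listing: certify-only primary key, one signing subkey,
# one encryption subkey, one expired signing subkey.
constructed_listing() {
    cat <<'EOF'
sec:u:255:22:AAAAAAAAAAAAAAAA:1693000000:::u:::cC:::+:::ed25519:::0:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1693000000::::::s:::+:::ed25519::
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:255:18:CCCCCCCCCCCCCCCC:1693000000::::::e:::+:::cv25519::
grp:::::::::3333333333333333333333333333333333333333:
ssb:e:255:22:DDDDDDDDDDDDDDDD:1600000000:1650000000:::::s:::+:::ed25519::
grp:::::::::4444444444444444444444444444444444444444:
EOF
}

# Preset the passphrase for every signing keygrip of key $1.
# The passphrase is read from stdin, so it never shows up in a process argv.
preset_signing_key() {
    helper="$(gpgconf --list-dirs libexecdir)/gpg-preset-passphrase"
    IFS= read -r pass || [ -n "$pass" ] || return 1
    gpg --batch -K --with-colons --with-keygrip "$1" | signing_keygrips |
    while read -r grip; do
        printf '%s\n' "$pass" | "$helper" --preset "$grip" || exit 1
    done
}

# Drop the cached passphrase again once the build has finished.
flush_agent_cache() { gpgconf --reload gpg-agent; }

# Usage: preset_signing_key YOURSIGNINGKEY < passphrase-file
#        ... run the build ...; flush_agent_cache
```

Presetting only the signing keygrip leaves the certify and encryption keys locked while the build runs.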