Gentoo's Portage: Best ways to keep binary package signing key unlocked?

isp_stream ipstream at onionmail.org
Fri Sep 1 09:34:09 CEST 2023


Thank you sir. You are much to kind.



> On Thursday, 31. August 2023 14:35, Werner Koch via Gnupg-users
> [/webmail/send?to=gnupg-users at gnupg.org] wrote:
> 
> 
> 
> On Wed, 30 Aug 2023 11:54, Andrew Ammerlaan said:
> 
> > Signing /dev/null feels like more of a hack then an actual solution to
> > keeping the key unlocked until portage finishes. Therefore I would
> > like to ask you if you have any better ideas to do this?
> 
> Don't use a passphrase or better use remote signing from your desktop
> and not on a server. See wiki.gnupg.org on how to use a remobe
> gpg-agent.
> 
> Another option is to use gpg-preset-passphrase (installed to
> libexec). Use
> 
> gpg -K --with-keygrip YOURSIGNINGKEY
> 
> to find the keygrip; then use
> 
> gpg-preset-passphrase --preset KEYGRIP
> 
> and enter the passphrase followed by a LF (or provide to stdin). This
> puts the passphrase into gpg-agent's cache with no timeout. The --forget
> option might not work right now, thus you better use
> 
> gpgconf --reload gpg-agent
> 
> to flush gpg-agent's cache.
> 
> Salam-Shalom,
> 
> Werner
> 
> --
> The pioneers of a warless world are the youth that
> refuse military service. - A. Einstein
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230901/58cd9562/attachment.html>


More information about the Gnupg-users mailing list