def gen_gpgkey(ctx, rpmmacros="~/.rpmmacros", homedir=None, compat=True, passphrase=None): """ Generate and configure GPG key to sign RPMs built. :param ctx: Context object to instantiate the template :param rpmmacros: .rpmmacros file path :param homedir: GPG's home dir (~/.gnupg by default); see also gpg(1) :param compat: Keep compatibility of GPG key for older RHEL if True :param passphrase: Passphrase for this GPG key :return: List of command strings to deploy built RPMs. """ _check_vars_for_template(ctx, ["workdir"]) workdir = ctx["workdir"] if passphrase is None: passphrase = getpass.getpass("Passphrase for this GPG key: ") homedir_opt = "" if homedir is None else "--homedir " + homedir gpgconf = os.path.join(workdir, ".gpg.conf") comment = "RPM sign key" c = _GPGKEY_CONF % dict(signer_name=ctx["fullname"], comment=comment, passphrase=passphrase) logging.info("Generate GPG conf to generate GPG key...") open(gpgconf, "w").write(c) os.chmod(gpgconf, 0600) sproc = gen_entoropy() logging.info("Generate GPG key...") MS.run("gpg -v --batch --gen-key %s %s" % (homedir_opt, gpgconf)) MS.stop_async_run(sproc) os.remove(gpgconf) keyid = find_keyid(ctx["fullname"], comment) logging.info("Export GPG pub key files...") for c in mk_export_gpgkey_files_cmds(keyid, workdir, ctx["repos"], homedir_opt): MS.run(c) rpmmacros = os.path.expanduser("~/.rpmmacros") if os.path.exists(rpmmacros): m = "~/.rpmmacros already exists! Edit it manually as needed." logging.warn(m) else: fmt = _RPMMACROS_ADD_1 if compat else _RPMMACROS_ADD_0 open(rpmmacros, "w").write(fmt % dict(keyid=keyid)) logging.info("Added GPG key configurations to " + rpmmacros)