One of the most “interesting” things to do in a RPM package build system is handle (or NOT handle) automated signing of built packages. RPM itself does not make this easy. The key, however, is to redefine the
(the command run to validate the password you give RPM during signing) and the
(the command used to actually sign packages) macros. After that, you just need to deal with RPM’s usage of getpass(3) to grab the password from the controlling tty.
As much as we love Tcl, the expect tool works the best for this provided you can incant enough RPM macro foo into it. I’ve written a messy expect script that takes several arguments to automatically sign packages. The first is the GPG key ID which I normally use an email address in angle brackets. The second argument is a file name that contains the pass phrase. The rest of the arguments are the RPM packages to sign.