As of RedHat rpm version 4.12.0.1-11 and gpg2 version 2.1 (first released in Fedora 22), rpm does not read the passphrase from stdin and pass it to gpg. On these systems some configuration is needed in order to pass the GPG key passphrase to rpm in an unattended manner. In the jenkin's user home directory, make the following modifications to .gnupg/gpg-agent.conf and .rpmmacros.
Add "allow-loopback-pinentry" option to gpg-agent:
echo "allow-loopback-pinentry" >> $HOME/.gnupg/gpg-agent.confIf the gpg-agent is running for the jenkins user, send it a HUP signal:
pkill -HUP gpg-agentLook at the default value of the RPM macro named "__gpg_sign_cmd" in /usr/lib/rpm/macros, or with rpm --eval:
rpm --eval "%__gpg_sign_cmd"Add a "--pinentry-mode loopback" option to __gpg_sign_cmd in $HOME/.rpmmacros, as in this example for Fedora 22:
cat << \EOD >> $HOME/.rpmmacros %__gpg_sign_cmd %{__gpg} \ gpg --no-verbose --no-armor --pinentry-mode loopback \ %{?_gpg_digest_algo:--digest-algo %{_gpg_digest_algo}} \ --no-secmem-warning \ -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename} EOD