Today I’ve been building a noarch RPM specfile for setting up a Nessus environment with custom [signed] plugins. This is quite a good starting point, not really a tutorial though.

rpmbuild signs the plugin using nasl as per these instructions, but to automate it I had to remove the passphrase from the private key I was using, as rpmbuild won’t be able to prompt for a passphrase! The command to do that is:

```
openssl rsa -in MyCustomKey.priv.pem -out MyCustomKey2.priv.pem
```

It doesn't change the public key and it still generates the same script signatures.
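A way to check that claim before wiring the stripped key into a build, as an added example that is not part of the original post. The key, passphrase and file names are constructed throwaways, and `openssl dgst` with SHA-256 is an assumption standing in for the nasl signing step.

```shell
#!/bin/sh
# Added example. Key, passphrase and file names are constructed throwaways,
# not the author's MyCustomKey files.

strip_and_verify() (
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT
    cd "$work" || exit 1
    pass='pass:constructed-example'
    printf '# constructed sample plugin body\n' > sample.nasl

    # Passphrase-protected RSA key, standing in for MyCustomKey.priv.pem.
    openssl genrsa -aes256 -passout "$pass" -out enc.pem 2048 2>/dev/null || exit 1

    # The command from the post, with the passphrase supplied non-interactively.
    # umask 077 keeps the now-unencrypted key readable by its owner only.
    ( umask 077
      openssl rsa -in enc.pem -passin "$pass" -out plain.pem 2>/dev/null ) || exit 1
    if grep -q ENCRYPTED plain.pem; then exit 1; fi

    # Both files must yield the same public key.
    openssl rsa -in enc.pem -passin "$pass" -pubout -out enc.pub 2>/dev/null || exit 1
    openssl rsa -in plain.pem -pubout -out plain.pub 2>/dev/null || exit 1
    cmp -s enc.pub plain.pub || exit 1

    # RSA PKCS#1 v1.5 signing is deterministic, so the two signatures
    # over the same file are byte-identical.
    openssl dgst -sha256 -sign enc.pem -passin "$pass" -out enc.sig sample.nasl || exit 1
    openssl dgst -sha256 -sign plain.pem -out plain.sig sample.nasl || exit 1
    cmp -s enc.sig plain.sig || exit 1

    # A signature made with the protected key verifies against the
    # public key extracted from the stripped one.
    openssl dgst -sha256 -verify plain.pub -signature enc.sig sample.nasl \
        >/dev/null || exit 1
    echo match
)

strip_and_verify
```

The stripped key is no longer protected by anything except file permissions, so keep it owner-readable only on the build host.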

I also found that, due to moving to a newer version of RPM, you can't build FC9-compatible RPMs on Fedora 12. I also found you can't rebuild a src-rpm from F13 on F9; it can't unpack it, probably for the same reason.