Remove signing support from (lib)rpmbuild
- Signing is better done in an environment completely separated from
the process of actually building packages. This is how its generally
done anyway by distros, this change just forces the issue.
- While signing on build seems handy and saves some io-churn, this
is very insecure as your precious secret passphrase remains unencrypted
in memory for the entire duration of the build where it's accessible
to whatever happens to be building. This change doesn't
affect fix the issue of unencrypted passphrase residing in memory
and potentially getting swapped out, it only limits the exposure
to the actual signing process which isn't subject to unknown scripts
poking around.
- Minimally preserve rpmbuild's --sign functionality via popt --pipe hack
to call rpm --addsign when build completes