diff --git a/rpm/rpmmacros b/rpm/rpmmacros
index 595589d..8004687 100644
--- a/rpm/rpmmacros
+++ b/rpm/rpmmacros
@@ -1 +1,2 @@
 %_gpg_name @GPG_NAME@
+%__gpg_sign_cmd %{__gpg} --batch --verbose --no-armor --pinentry-mode loopback --passphrase '' --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} -- %{__plaintext_filename}
diff --git a/script/publish-repo.sh b/script/publish-repo.sh
index 77682d4..6352b81 100755
--- a/script/publish-repo.sh
+++ b/script/publish-repo.sh
@@ -7,22 +7,9 @@ RPM_DIR="${1%/}"
 REMOTE_DIR="/var/www/rpm/fedora/${FEDORA_VERSION}/x86_64"
 
 # sign each rpm with the imported gpg key
-echo "rpmmacros:"
-cat ~/.rpmmacros
-echo "gpg keys:"
-gpg --list-secret-keys --keyid-format long
-ls -la "${RPM_DIR}"/*.rpm
-
-echo "testing gpg signing directly..."
-echo test | gpg --batch --pinentry-mode loopback --passphrase '' --sign --armor -u "$(rpm --eval '%{_gpg_name}')" 2>&1 || echo "direct gpg sign failed"
-
-echo "rpm macro expansion:"
-rpm --eval '%{__gpg}' 2>&1
-rpm --eval '%{_gpg_name}' 2>&1
-
 for rpm in "${RPM_DIR}"/*.rpm; do
     echo "signing ${rpm}..."
-    rpmsign --addsign "${rpm}" --verbose 2>&1 || {
+    rpm --addsign "${rpm}" 2>&1 || {
         echo "failed to sign ${rpm}" >&2
         exit 1
     }