diff --git a/config/projects/gitlab.rb b/config/projects/gitlab.rb
index c9e69bbdc..24f2d290c 100644
--- a/config/projects/gitlab.rb
+++ b/config/projects/gitlab.rb
@@ -154,6 +154,8 @@ package :deb do
   signing_passphrase Gitlab::Util.get_env('GPG_PASSPHRASE')
 end
 
+resources_path "#{Omnibus::Config.project_root}/resources"
+
 # Our package scripts are generated from .erb files,
 # so we will grab them from an excluded folder
 package_scripts_path "#{install_dir}/.package_util/package-scripts"
diff --git a/resources/rpm/signing.erb b/resources/rpm/signing.erb
new file mode 100644
index 000000000..7ba782f81
--- /dev/null
+++ b/resources/rpm/signing.erb
@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+
+unless (rpm_cmd = ARGV[0])
+  STDERR.puts 'Usage: sign-rpm RPM_COMMAND'
+  exit 1
+end
+
+password = '<%= passphrase %>'
+
+require 'pty'
+
+puts rpm_cmd
+PTY.spawn(rpm_cmd) do |r, w, pid|
+  # Older versions of rpmsign will prompt right away for the passphrase
+  prompt = r.read(19)
+
+  if prompt == 'Enter pass phrase: '
+    STDOUT.puts prompt
+    w.write("#{password}\n")
+  end
+
+  # Keep printing output unti the command exits
+  loop do
+    begin
+      line = r.gets
+      puts line
+      if line =~ /Please enter the passphrase to unlock the OpenPGP secret key:/
+        w.write("#{password}\n")
+      elsif (line =~ /failed/) && !(line =~ /warning:/)
+        STDERR.puts 'RPM signing failure'
+        exit 1
+      end
+    rescue Errno::EIO
+      break
+    end
+  end
+end