diff options
author | Holger Levsen <holger@layer-acht.org> | 2016-10-31 22:34:34 +0100 |
---|---|---|
committer | Holger Levsen <holger@layer-acht.org> | 2016-10-31 22:34:34 +0100 |
commit | e361cd00f5f35496be8fedc2c7aa3d741a1c5ff7 (patch) | |
tree | 0a11f31e7aae04c2943dc96f7fd6a412344583be | |
parent | fadd6ac719be7514ee0f54a787b36df81fda17df (diff) | |
download | jenkins.debian.net-e361cd00f5f35496be8fedc2c7aa3d741a1c5ff7.tar.xz |
fixup fadd6ac7: actually create GPG key for jenkins user and not for the user running update_jdn.sh
Signed-off-by: Holger Levsen <holger@layer-acht.org>
-rwxr-xr-x | update_jdn.sh | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/update_jdn.sh b/update_jdn.sh index 0eb22491..e8aad062 100755 --- a/update_jdn.sh +++ b/update_jdn.sh @@ -678,16 +678,15 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ; then rm -f $TMPFILE fi -# Greate GPG key on nodes if they do not already exist in order to sign .buildinfo files -if [ "$HOSTNAME" != "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ; then - - if gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1 - then - explain "$(date) Not generating GPG key as one already exists" - else - explain "$(date) Generating GPG key" +# +# Create GPG key for jenkins user if they do not already exist (eg. to sign .buildinfo files) +# +if sudo -u jenkins gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1 ; then + explain "$(date) Not generating GPG key as one already exists" +else + explain "$(date) Generating GPG key" - gpg --no-tty --batch --gen-key <<EOF + sudo -u jenkins gpg --no-tty --batch --gen-key <<EOF Key-Type: RSA Key-Length: 4096 Key-Usage: sign @@ -698,7 +697,6 @@ Expire-Date: 0 %no-protection %commit EOF - fi fi # |