diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2016-10-28 13:51:30 -0400 |
|---|---|---|
| committer | Holger Levsen <holger@layer-acht.org> | 2016-10-31 22:29:43 +0100 |
| commit | d7866ad74d460bfd106720ed4b5b87bc08ab12e6 (patch) | |
| tree | 4df06ca928f6d578d9966ce4ea28f70abdf0d386 /bin/reproducible_build.sh | |
| parent | 6865287b94ec4780f8fe303b10f19493255a4160 (diff) | |
| download | jenkins.debian.net-d7866ad74d460bfd106720ed4b5b87bc08ab12e6.tar.xz | |
Make use of gpg more flexible
This set of commands should work with modern versions of gpg (2.1.x)
as well, and should be independent of potentially variable output.
Additionally, we want the key to be signing-capable, but nothing else.
We also have no need to generate an encryption-capable subkey, so just
drop that part.
Signed-off-by: Holger Levsen <holger@layer-acht.org>
Diffstat (limited to 'bin/reproducible_build.sh')
| -rwxr-xr-x | bin/reproducible_build.sh | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh index dda7bbad..d4d2e584 100755 --- a/bin/reproducible_build.sh +++ b/bin/reproducible_build.sh @@ -775,19 +775,19 @@ check_buildinfo() { sign_buildinfo() { # Greate GPG key if it does not already exist - if ! gpg --list-secret-keys | grep -qs '^sec' >/dev/null 2>&1 + if ! gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1 then log_info "Generating GPG key" - gpg --batch --gen-key <<EOF + gpg --no-tty --batch --gen-key <<EOF Key-Type: RSA Key-Length: 4096 -Subkey-Type: ELG-E -Subkey-Length: 1024 +Key-Usage: sign Name-Real: $(hostname -f) -Name-Comment: Automatically generated key +Name-Comment: Automatically generated key for signing .buildinfo files Expire-Date: 0 %no-ask-passphrase +%no-protection %commit EOF fi |