reproducible Debian: Greate GPG key on nodes at deploy time, not "lazily".

Signed-off-by: Chris Lamb <lamby@debian.org> Signed-off-by: Holger Levsen <holger@layer-acht.org>
author: Chris Lamb <lamby@debian.org> 2016-10-29 11:25:57 +0100
committer: Holger Levsen <holger@layer-acht.org> 2016-10-31 22:29:48 +0100
commit: fadd6ac719be7514ee0f54a787b36df81fda17df (patch)
tree: 121c7ad5528dc60d4df6fb6f4756a9081d1c5376 /update_jdn.sh
parent: d7866ad74d460bfd106720ed4b5b87bc08ab12e6 (diff)
download: jenkins.debian.net-fadd6ac719be7514ee0f54a787b36df81fda17df.tar.xz
1 files changed, 23 insertions, 0 deletions
diff --git a/update_jdn.sh b/update_jdn.sh
index 20ba0611..0eb22491 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -678,6 +678,29 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ; then
 	rm -f $TMPFILE
 fi
 
+# Greate GPG key on nodes if they do not already exist in order to sign .buildinfo files
+if [ "$HOSTNAME" != "jenkins" ] || [ "$HOSTNAME" = "jenkins-test-vm" ] ; then
+
+	if gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1
+	then
+		explain "$(date) Not generating GPG key as one already exists"
+	else
+		explain "$(date) Generating GPG key"
+
+		gpg --no-tty --batch --gen-key <<EOF
+Key-Type: RSA
+Key-Length: 4096
+Key-Usage: sign
+Name-Real: $(hostname -a)
+Name-Comment: Automatically generated key for signing .buildinfo files
+Expire-Date: 0
+%no-ask-passphrase
+%no-protection
+%commit
+EOF
+	fi
+fi
+
 #
 # almost finally…
 #
author	Chris Lamb <lamby@debian.org>	2016-10-29 11:25:57 +0100
committer	Holger Levsen <holger@layer-acht.org>	2016-10-31 22:29:48 +0100
commit	fadd6ac719be7514ee0f54a787b36df81fda17df (patch)
tree	121c7ad5528dc60d4df6fb6f4756a9081d1c5376 /update_jdn.sh
parent	d7866ad74d460bfd106720ed4b5b87bc08ab12e6 (diff)
download	jenkins.debian.net-fadd6ac719be7514ee0f54a787b36df81fda17df.tar.xz