[Qa-jenkins-scm] [jenkins.debian.net] 04/07: Make use of gpg more flexible

Holger Levsen holger at layer-acht.org
Mon Oct 31 21:37:00 UTC 2016


This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository jenkins.debian.net.

commit d7866ad74d460bfd106720ed4b5b87bc08ab12e6
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Fri Oct 28 13:51:30 2016 -0400

    Make use of gpg more flexible
    
    This set of commands should work with modern versions of gpg (2.1.x)
    as well, and should be independent of potentially variable output.
    
    Additionally, we want the key to be signing-capable, but nothing else.
    
    We also have no need to generate an encryption-capable subkey, so just
    drop that part.
    
    Signed-off-by: Holger Levsen <holger at layer-acht.org>
---
 bin/reproducible_build.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh
index dda7bba..d4d2e58 100755
--- a/bin/reproducible_build.sh
+++ b/bin/reproducible_build.sh
@@ -775,19 +775,19 @@ check_buildinfo() {
 
 sign_buildinfo() {
 	# Greate GPG key if it does not already exist
-	if ! gpg --list-secret-keys | grep -qs '^sec' >/dev/null 2>&1
+	if ! gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1
 	then
 		log_info "Generating GPG key"
 
-		gpg --batch --gen-key <<EOF
+		gpg --no-tty --batch --gen-key <<EOF
 Key-Type: RSA
 Key-Length: 4096
-Subkey-Type: ELG-E
-Subkey-Length: 1024
+Key-Usage: sign
 Name-Real: $(hostname -f)
-Name-Comment: Automatically generated key
+Name-Comment: Automatically generated key for signing .buildinfo files
 Expire-Date: 0
 %no-ask-passphrase
+%no-protection
 %commit
 EOF
 	fi
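Review bot: The added `%no-protection` line, next to the unchanged `Expire-Date: 0`, means the generated signing key is stored without a passphrase and never expires, and neither the commit message nor the comment at the top of `sign_buildinfo()` says so. For an unattended job this is probably intended, but please state it in that comment so the key is clearly treated as a per-host automation key whose only protection is the permissions on the GnuPG home directory, and consider a finite `Expire-Date`. Separately, in the existence check the `if` tests only the exit status of the final `grep`, so a failing `gpg --list-secret-keys` is indistinguishable from "no secret key" and falls through to key generation; checking gpg's own exit status first would avoid that. The trailing `>/dev/null 2>&1` is also redundant after `grep -qs`.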

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git


