This set of commands should work with modern versions of gpg (2.1.x)
as well, and should be independent of potentially variable output.

Additionally, we want the key to be signing-capable, but nothing else.

We also have no need to generate an encryption-capable subkey, so just
drop that part.
---
 bin/reproducible_build.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh
index dda7bba..d4d2e58 100755
--- a/bin/reproducible_build.sh
+++ b/bin/reproducible_build.sh
@@ -775,19 +775,19 @@ check_buildinfo() {
 
 sign_buildinfo() {
        # Greate GPG key if it does not already exist
-       if ! gpg --list-secret-keys | grep -qs '^sec' >/dev/null 2>&1
+       if ! gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: 
-f1 | grep -qsFx 'sec' >/dev/null 2>&1
        then
                log_info "Generating GPG key"
 
-               gpg --batch --gen-key <<EOF
+               gpg --no-tty --batch --gen-key <<EOF
 Key-Type: RSA
 Key-Length: 4096
-Subkey-Type: ELG-E
-Subkey-Length: 1024
+Key-Usage: sign
 Name-Real: $(hostname -f)
-Name-Comment: Automatically generated key
+Name-Comment: Automatically generated key for signing .buildinfo files
 Expire-Date: 0
 %no-ask-passphrase
+%no-protection
 %commit
 EOF
        fi
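Review bot: The rewritten existence check on the `+` line only tests that some `sec` record exists, not that a signing-capable key is present, so an unrelated secret key in the same GNUPGHOME suppresses generation and the later signing step (outside this hunk) would use whatever default key gpg selects. Since the output is already in `--with-colons` format, the capability field can be checked in the same pass, e.g. `if ! gpg --with-colons --fixed-list-mode --list-secret-keys | awk -F: '$1 == "sec" && $12 ~ /[sS]/ { found = 1 } END { exit !found }'`, which also drops the now-redundant `>/dev/null 2>&1` behind `grep -q`. The added `%no-protection` (together with the unchanged `Expire-Date: 0`) means an unencrypted, non-expiring private key is written to disk, so the generated key's safety rests entirely on the permissions of the GPG home directory; a comment such as `# key is unprotected and non-expiring: GNUPGHOME must not be readable by other users` above the `gpg --gen-key` call would make that explicit. As sent, the new `if` line appears to have been wrapped by the mail client (`cut -d: ` / `-f1 ...` split across two lines), which will not apply cleanly and should be resent unwrapped.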
-- 
2.9.3


