This set of commands should work with modern versions of gpg (2.1.x) as well, and should be independent of potentially variable output.
Additionally, we want the key to be signing-capable, but nothing else. We also have no need to generate an encryption-capable subkey, so just drop that part. --- bin/reproducible_build.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh index dda7bba..d4d2e58 100755 --- a/bin/reproducible_build.sh +++ b/bin/reproducible_build.sh @@ -775,19 +775,19 @@ check_buildinfo() { sign_buildinfo() { # Greate GPG key if it does not already exist - if ! gpg --list-secret-keys | grep -qs '^sec' >/dev/null 2>&1 + if ! gpg --with-colons --fixed-list-mode --list-secret-keys | cut -d: -f1 | grep -qsFx 'sec' >/dev/null 2>&1 then log_info "Generating GPG key" - gpg --batch --gen-key <<EOF + gpg --no-tty --batch --gen-key <<EOF Key-Type: RSA Key-Length: 4096 -Subkey-Type: ELG-E -Subkey-Length: 1024 +Key-Usage: sign Name-Real: $(hostname -f) -Name-Comment: Automatically generated key +Name-Comment: Automatically generated key for signing .buildinfo files Expire-Date: 0 %no-ask-passphrase +%no-protection %commit EOF fi -- 2.9.3
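Review bot: The existence check at the top of sign_buildinfo() succeeds as soon as the keyring holds any secret key (`cut -d: -f1 | grep -qsFx 'sec'`), so on a machine that already has some other secret key the build key is never generated, and whichever key the signing step then selects need not be the one described by Name-Comment. Consider testing for the generated identity instead, for example by matching the colon-format uid record against $(hostname -f), or by recording the fingerprint of the key created here and checking for that. In the batch block, the added `%no-protection` leaves a non-expiring (`Expire-Date: 0`) RSA 4096 secret key on disk without a passphrase, so its protection rests entirely on the permissions of the GnuPG home directory. Neither that line nor `--no-tty` is mentioned in the commit message, and a sentence there plus a short comment in the script saying this is intentional for unattended signing would help. Since the message says the commands should work with 2.1.x "as well", please also confirm that the older gpg versions you still target accept `%no-protection` and `Key-Usage: sign` in batch input. Smaller points: the trailing `>/dev/null 2>&1` is redundant with `grep -qs`, and the context comment reads "Greate GPG key", which could be fixed while this function is being touched.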