oem-factory-reset: fix keygen prompt order
- gpg --version: gpg (GnuPG) 2.2.21
- Admin PIN was requested after Comment
- Confirmation of key expiration is not prompted since command-fd is
  supplied
- Prompts observed (since script supplies --command-fd):
  - cardedit.prompt      [answer: admin]
  - cardedit.prompt      [answer: generate]
  - cardedit.genkeys.backup_enc [answer: n]
  - passphrase.enter     [answer: $USER_PIN_DEF]
  - keygen.valid         [answer: 0]
  - keygen.name          [answer: $GPG_USER_NAME]
  - keygen.email         [answer: $GPG_USER_MAIL]
  - keygen.comment       [answer: $GPG_USER_COMMENT]
  - passphrase.enter     [answer: $ADMIN_PIN_DEF]
- In comparison, prompts when user does generation manually (no
  command-fd):
  - Make off-card backup of encryption key? (Y/n)
  - PIN:
  - Key is valid for? (0)
  - Is this correct? (y/N)
  - Real name:
  - Email address:
  - Comment:
  - Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
  - Admin PIN:
icequbes1 committed Nov 27, 2021
1 parent fdbd9b2 commit b9d259d
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions initrd/bin/oem-factory-reset
Expand Up @@ -102,13 +102,12 @@ gpg_key_reset()
echo admin
echo generate
echo n
echo ${ADMIN_PIN_DEF}
echo ${USER_PIN_DEF}
echo 0
echo y
echo ${GPG_USER_NAME}
echo ${GPG_USER_MAIL}
echo ${GPG_USER_COMMENT}
echo ${ADMIN_PIN_DEF}
} | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
> /tmp/gpg_card_edit_output 2>/dev/null
if [ $? -ne 0 ]; then
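Review bot: The answer stream in gpg_key_reset() is still purely positional, and because `--status-fd=2` is combined with `2>/dev/null` the script never sees which prompt each `echo` is answering, so the order set here is only known to hold for the gpg build it was observed on (2.2.21 per the commit message). If another gpg version asks in a different order, `${ADMIN_PIN_DEF}` or `${USER_PIN_DEF}` would be consumed by a non-PIN prompt such as keygen.name, and the only signal left is the `$? -ne 0` check. Suggest a comment above the block that lists the expected prompt sequence and the gpg version it was verified against, and consider keeping the status output instead of discarding it so a mismatch can be diagnosed. The expansions are also unquoted; `echo "${GPG_USER_NAME}"` (and the same for the mail, comment and PIN values) would preserve spacing and avoid globbing.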