Automating the generation of master keys

Peter Lebbing peter at
Wed Jun 1 21:19:18 CEST 2016

On 01/06/16 19:46, Werner Koch wrote:
>   ps ax | grep -e '--edit-key' | grep -v grep
> does not work either because you assume that there is only one gpg
> command running (actually any process with a string '--edit-key').

... from any user. That seems odd? Why's the 'a' part of the ps
invocation? Do you perhaps have the same affliction as I, in that when
my fingers type "ps " they invariably append "fax" and press Enter
before I have a chance to think whether I want my processes only? :-)

Anyway, apart from the in this case entirely useful BSD-style ps
behaviour of by default listing only processes from the owner, pgrep
seems to be the even more compact option here. The only thing is that
pgrep does not provide an option to say "the owner" other than naming
the user. Something like:

while pgrep -cfxu "$USER" "gpg --batch --command-fd=0 --edit-key
$GPG_KEY" >/dev/null; do sleep 0.5; done

seems a more logical choice. I couldn't test it though, as I couldn't
reproduce the gpg process outliving the invocation. By the time it gets
to the wait loop, it has already finished. I did use GnuPG 2.1.11 for
it, but it still puzzles me why 2.0 would outlive the invocation.

Do note it is all academical because Werner just said "you can't use gpg
this way", which kind of defeats the purpose of the pgrep altogether.

Oh, when I say pgrep is more compact, that's because the equivalent of
the ps ax | ... etcetera invocation seems to be:

while pgrep -c -- --edit-key >/dev/null; do

It is a pity pgrep doesn't provide an option for silence.

> BTW, Unix people use this trick to avoid the inverse grep:
>   grep -e '--edit-ke[y]'

A very useful little trick, but pgrep does it automatically, so in the
cases where pgrep is the more logical choice than grep, it is not needed.



PS: Talking about never learning about command-line invocation of a
tool... ps, sheesh... I think I just know three:

$ ps fax
$ ps fx
$ ps -fp 1 `pgrep blah`

(the latter has the init process in there because I don't like it
erroring out when pgrep turns up empty-handed)

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list