| 1 |
class gnupg { |
| 2 |
class client { |
| 3 |
package { ["gnupg","rng-utils"]: |
| 4 |
ensure => present, |
| 5 |
} |
| 6 |
|
| 7 |
file { ["/etc/gnupg", "/etc/gnupg/batches"]: |
| 8 |
ensure => directory, |
| 9 |
} |
| 10 |
|
| 11 |
file { "/etc/gnupg/keys": |
| 12 |
ensure => directory, |
| 13 |
mode => 600, |
| 14 |
owner => root, |
| 15 |
group => root |
| 16 |
} |
| 17 |
|
| 18 |
file { "/usr/local/bin/create_gnupg_keys.sh": |
| 19 |
ensure => present, |
| 20 |
owner => root, |
| 21 |
group => root, |
| 22 |
mode => 755, |
| 23 |
content => template('gnupg/create_gnupg_keys.sh') |
| 24 |
} |
| 25 |
|
| 26 |
package { "rng-utils": |
| 27 |
ensure => installed |
| 28 |
} |
| 29 |
} |
| 30 |
|
| 31 |
# debian recommend SHA2, with 4096 |
| 32 |
# http://wiki.debian.org/Keysigning |
| 33 |
# as they are heavy users of gpg, I will tend |
| 34 |
# to follow them |
| 35 |
# however, for testing purpose, 4096 is too strong, |
| 36 |
# this empty the entropy of my vm |
| 37 |
define keys( $email, |
| 38 |
$key_name, |
| 39 |
$key_type = 'RSA', |
| 40 |
$key_length = '1024', |
| 41 |
$expire_date = '1m', |
| 42 |
$login = 'signbot', |
| 43 |
$batchdir = '/var/lib/signbot/batches', |
| 44 |
$keydir = '/var/lib/signbot/keys', |
| 45 |
) { |
| 46 |
|
| 47 |
include gnupg::client |
| 48 |
file { "$name.batch": |
| 49 |
ensure => present, |
| 50 |
path => "$batchdir/$name.batch", |
| 51 |
content => template("gnupg/batch") |
| 52 |
} |
| 53 |
|
| 54 |
file { "$keydir": |
| 55 |
ensure => directory, |
| 56 |
owner => $login, |
| 57 |
mode => 700, |
| 58 |
} |
| 59 |
|
| 60 |
exec { "/usr/local/bin/create_gnupg_keys.sh $batchdir/$name.batch $keydir $batchdir/$name.done": |
| 61 |
user => $login, |
| 62 |
creates => "$batchdir/$name.done", |
| 63 |
require => [File["$keydir"], File["$batchdir/$name.batch", Package["rng-utils"]]], |
| 64 |
} |
| 65 |
} |
| 66 |
} |
Parent Directory
| 
Revision Log