# Debian recommends SHA-2 digests with 4096-bit keys:
# http://wiki.debian.org/Keysigning
# As they are heavy users of GnuPG, I tend to follow them.
# However, for testing purposes 4096 bits is too strong:
# generating such a key drains the entropy pool of my VM.
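# Generates a GnuPG key pair for a signing account through unattended (batch)
# key generation.
#
# Declares the batch parameter file rendered from the 'gnupg/batch' template,
# the key and batch directories, and a one-shot exec of
# /usr/local/bin/create_gnupg_keys.sh that is skipped once
# "${batchdir}/${name}.done" exists.
#
# Parameters:
#   $email, $key_name, $key_type, $key_length, $expire_date
#       Not referenced in this manifest; presumably consumed by the
#       'gnupg/batch' template -- confirm against the template.
#   $login     Account that owns the files and runs the key generation.
#   $batchdir  Directory holding the batch file and the ".done" marker.
#   $keydir    Directory handed to the script as its second argument (0700).
#
# NOTE(review): $keydir and $batchdir are declared inside the define, so two
# gnupg::keys instances sharing the same directories would declare the same
# File resource twice. Verify that only one instance per directory is used,
# or move the directory resources into a class.
define gnupg::keys($email,
                   $key_name,
                   $key_type    = 'RSA',
                   $key_length  = '4096',
                   $expire_date = '400d',
                   $login       = 'signbot',
                   $batchdir    = '/var/lib/signbot/batches',
                   $keydir      = '/var/lib/signbot/keys') {

    include gnupg::client

    # The batch file drives unattended key generation and may carry sensitive
    # key parameters (the template is not shown here -- confirm). The original
    # left owner and mode at their defaults; restrict it to the account that
    # runs the exec below, which is the only reader visible in this define.
    file { "${name}.batch":
        ensure  => file,
        path    => "${batchdir}/${name}.batch",
        owner   => $login,
        mode    => '0600',
        content => template('gnupg/batch'),
    }

    # Key material directory: accessible to the owning account only.
    file { $keydir:
        ensure => directory,
        owner  => $login,
        mode   => '0700',
    }

    # NOTE(review): no mode is set here, so default permissions apply.
    # Consider '0700' if nothing besides $login needs to list this directory.
    file { $batchdir:
        ensure => directory,
        owner  => $login,
    }

    # Runs once per key: "creates" makes the ".done" marker the idempotence
    # guard. Package['rng-utils'] is presumably declared by gnupg::client --
    # confirm.
    # NOTE(review): generating a 4096-bit key on an entropy-starved host may
    # outlast exec's default timeout; confirm on the target hosts.
    exec { "/usr/local/bin/create_gnupg_keys.sh ${batchdir}/${name}.batch ${keydir} ${batchdir}/${name}.done":
        user    => $login,
        creates => "${batchdir}/${name}.done",
        require => [File[$keydir], File["${batchdir}/${name}.batch"], Package['rng-utils']],
    }
}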