Diffstat (limited to 'modules/gnupg')
-rw-r--r-- | modules/gnupg/manifests/init.pp | 22 | ||||
-rw-r--r-- | modules/gnupg/templates/create_gnupg_keys.sh | 19 |
2 files changed, 31 insertions, 10 deletions
diff --git a/modules/gnupg/manifests/init.pp b/modules/gnupg/manifests/init.pp
index b7f5781a..66440224 100644
--- a/modules/gnupg/manifests/init.pp
+++ b/modules/gnupg/manifests/init.pp
@@ -34,21 +34,29 @@ class gnupg {
         $key_name,
         $key_type = 'RSA',
         $key_length = '1024',
-        $expire_date = '1m'
+        $expire_date = '1m',
+        $login = 'signbot',
+        $batchdir = '/var/lib/signbot/batches',
+        $keydir = '/var/lib/signbot/keys',
     ) {
         include gnupg::client
 
         file { "$name.batch":
             ensure => present,
-            path => "/etc/gnupg/batches/$name.batch",
+            path => "$batchdir/$name.batch",
             content => template("gnupg/batch")
         }
 
-        # TODO make sure the perm are good
-        exec { "/usr/local/bin/create_gnupg_keys.sh $name":
-            user => root,
-            creates => "/etc/gnupg/keys/$name.secring",
-            require => File["/etc/gnupg/batches/$name.batch"]
+        file { "$keydir":
+            ensure => directory,
+            owner => $login,
+            mode => 700,
+        }
+
+        exec { "/usr/local/bin/create_gnupg_keys.sh $batchdir/$name.batch $keydir $batchdir/$name.done":
+            user => $login,
+            creates => "$batchdir/$name.done",
+            require => [File["$keydir"], File["$batchdir/$name.batch"]],
         }
     }
 }
diff --git a/modules/gnupg/templates/create_gnupg_keys.sh b/modules/gnupg/templates/create_gnupg_keys.sh
index fbb41277..a2caba2d 100644
--- a/modules/gnupg/templates/create_gnupg_keys.sh
+++ b/modules/gnupg/templates/create_gnupg_keys.sh
@@ -1,11 +1,24 @@
 #!/bin/bash
-NAME=$1
+BATCHFILE="$1"
+HOMEDIR="$2"
+LOCK="$3"
+
+test $# -eq 3 || exit 1
+
+if [ -e "$LOCK" ]
+then
+    echo "Lock file already exist." 1>&2
+    echo "Remove $LOCK if you want to regenerate key." 1>&2
+    exit 2
+fi
+
+touch "$LOCK"
 /sbin/rngd -f -r /dev/urandom &
 RAND=$!
-cd /etc/gnupg/keys/
-gpg --homedir /etc/gnupg/keys/ --batch --gen-key /etc/gnupg/batches/$NAME.batch
+cd $HOMEDIR
+gpg --homedir $HOMEDIR --batch --gen-key $BATCHFILE
 EXIT=$?
 kill $RAND |
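Review bot: The exec now runs as `$login` and its `creates` target `$batchdir/$name.done` is written into `$batchdir`, but nothing in this hunk ensures `$batchdir` exists or is writable by that user (the `"$name.batch"` file resource only depends on its own path), so on a fresh host the batch file write or the marker `touch` can fail; add `file { $batchdir: ensure => directory, owner => $login, mode => '0700' }` and list it in the exec's `require`, which also keeps the batch file (whose template contents are not visible here and may hold key parameters) out of the world-traversable defaults. The `.done` marker doubles as the script's lock and is touched before gpg runs (second hunk), so a failed generation still satisfies `creates` and is never retried; either have the script remove the marker on a non-zero gpg exit or point `creates` at an artifact gpg itself produces. `mode => 700` should be the quoted string `'0700'`, as Puppet's file type documentation and puppet-lint expect for modes. If this block is a defined type (it uses `$name`), declaring `file { "$keydir": }` inside it will raise a duplicate declaration error once two instances share the default `$keydir` — presumably that resource belongs in the class, or behind `ensure_resource`.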