Diffstat (limited to 'modules/gnupg')
-rw-r--r--modules/gnupg/manifests/client.pp17
-rw-r--r--modules/gnupg/manifests/init.pp57
-rw-r--r--modules/gnupg/manifests/keys.pp38
-rw-r--r--modules/gnupg/templates/batch11
4 files changed, 61 insertions, 62 deletions
diff --git a/modules/gnupg/manifests/client.pp b/modules/gnupg/manifests/client.pp
new file mode 100644
index 00000000..301e569a
--- /dev/null
+++ b/modules/gnupg/manifests/client.pp
@@ -0,0 +1,17 @@
+class gnupg::client {
+if versioncmp($::lsbdistrelease, '7') < 0 {
+ package {['gnupg',
+ 'rng-utils']:
+ }
+} else {
+ package {['gnupg2',
+ 'rng-utils']:
+ }
+}
+
+ mga_common::local_script { 'create_gnupg_keys.sh':
+ content => template('gnupg/create_gnupg_keys.sh')
+ }
+}
+
+
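Review bot: The installed script's ownership and mode are no longer visible in `gnupg::client`: the removed `file` resource pinned `/usr/local/bin/create_gnupg_keys.sh` to root:root with mode 755, while the new `mga_common::local_script { 'create_gnupg_keys.sh': ... }` sets neither and relies on a define that is outside this diff. Because the `exec` in keys.pp runs this script as `$login` to generate signing keys, confirm that the define installs it root-owned and not writable by that account. A short comment above the resource would record the assumption, for example `# local_script installs to /usr/local/bin as root, not writable by $login`. As a style point, the `if`/`else` and `package` lines are not indented inside the class body, unlike the `mga_common::local_script` resource below them.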
diff --git a/modules/gnupg/manifests/init.pp b/modules/gnupg/manifests/init.pp
index 0c183c56..d6ae319d 100644
--- a/modules/gnupg/manifests/init.pp
+++ b/modules/gnupg/manifests/init.pp
@@ -1,56 +1 @@
-class gnupg {
- class client {
- package { ["gnupg","rng-utils"]:
- ensure => present,
- }
-
- file { "/usr/local/bin/create_gnupg_keys.sh":
- ensure => present,
- owner => root,
- group => root,
- mode => 755,
- content => template('gnupg/create_gnupg_keys.sh')
- }
- }
-
- # debian recommend SHA2, with 4096
- # http://wiki.debian.org/Keysigning
- # as they are heavy users of gpg, I will tend
- # to follow them
- # however, for testing purpose, 4096 is too strong,
- # this empty the entropy of my vm
- define keys( $email,
- $key_name,
- $key_type = 'RSA',
- $key_length = '4096',
- $expire_date = '400d',
- $login = 'signbot',
- $batchdir = '/var/lib/signbot/batches',
- $keydir = '/var/lib/signbot/keys'
- ) {
-
- include gnupg::client
- file { "$name.batch":
- ensure => present,
- path => "$batchdir/$name.batch",
- content => template("gnupg/batch")
- }
-
- file { "$keydir":
- ensure => directory,
- owner => $login,
- mode => 700,
- }
-
- file { "$batchdir":
- ensure => directory,
- owner => $login,
- }
-
- exec { "/usr/local/bin/create_gnupg_keys.sh $batchdir/$name.batch $keydir $batchdir/$name.done":
- user => $login,
- creates => "$batchdir/$name.done",
- require => [File["$keydir"], File["$batchdir/$name.batch"], Package["rng-utils"]],
- }
- }
-}
+class gnupg { }
diff --git a/modules/gnupg/manifests/keys.pp b/modules/gnupg/manifests/keys.pp
new file mode 100644
index 00000000..b99ed393
--- /dev/null
+++ b/modules/gnupg/manifests/keys.pp
@@ -0,0 +1,38 @@
+ # debian recommend SHA2, with 4096
+ # https://wiki.debian.org/Keysigning
+ # as they are heavy users of gpg, I will tend
+ # to follow them
+ # however, for testing purpose, 4096 is too strong,
+ # this empty the entropy of my vm
+define gnupg::keys($email,
+ $key_name,
+ $key_type = 'RSA',
+ $key_length = '4096',
+ $expire_date = '400d',
+ $login = 'signbot',
+ $batchdir = '/var/lib/signbot/batches',
+ $keydir = '/var/lib/signbot/keys') {
+
+ include gnupg::client
+ file { "${name}.batch":
+ path => "${batchdir}/${name}.batch",
+ content => template('gnupg/batch')
+ }
+
+ file { $keydir:
+ ensure => directory,
+ owner => $login,
+ mode => '0700',
+ }
+
+ file { $batchdir:
+ ensure => directory,
+ owner => $login,
+ }
+
+ exec { "/usr/local/bin/create_gnupg_keys.sh ${batchdir}/${name}.batch ${keydir} ${batchdir}/${name}.done":
+ user => $login,
+ creates => "${batchdir}/${name}.done",
+ require => [File[$keydir], File["${batchdir}/${name}.batch"], Package['rng-utils']],
+ }
+}
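Review bot: The `exec` at the end of `gnupg::keys` runs `/usr/local/bin/create_gnupg_keys.sh`, but its `require` lists only the key directory, the batch file and `Package['rng-utils']`. `include gnupg::client` adds the class to the catalog without ordering it before this resource, so a first run can attempt the exec before the script has been installed. Making the dependency explicit would fix that: `require => [File[$keydir], File["${batchdir}/${name}.batch"], Package['rng-utils'], Mga_common::Local_script['create_gnupg_keys.sh']],`. Separately, `file { $batchdir: }` sets an owner but no `mode`, unlike `$keydir` with `'0700'`, so an explicit mode there would stop the directory's permissions depending on defaults.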
diff --git a/modules/gnupg/templates/batch b/modules/gnupg/templates/batch
index 4dff44eb..d55bdd52 100644
--- a/modules/gnupg/templates/batch
+++ b/modules/gnupg/templates/batch
@@ -1,9 +1,8 @@
%echo Generating a standard key
-Key-Type: <%= key_type %>
-Key-Length: <%= key_length %>
-Name-Real: <%= key_name %>
-Name-Email: <%= email %>
-Expire-Date: <%= expire_date %>
+Key-Type: <%= @key_type %>
+Key-Length: <%= @key_length %>
+Name-Real: <%= @key_name %>
+Name-Email: <%= @email %>
+Expire-Date: <%= @expire_date %>
%commit
%echo done
-
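Review bot: This batch has neither a `Passphrase:` line nor a `%no-protection` control statement, so whether the generated secret key is passphrase-protected is decided by `create_gnupg_keys.sh`, which is not part of this diff. That matters more now that client.pp installs `gnupg2` on newer releases: GnuPG 2.1 and later fall back to pinentry for an unattended generation that specifies neither, which is likely to fail under a non-interactive `exec`. If an unprotected key is the intent for the signing account, state it in the template with `%no-protection` before `%commit`. A comment should then note that the key's confidentiality rests on the `0700` mode and ownership of `$keydir`.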