path: root/modules/gnupg/manifests/init.pp
blob: 0c183c56cbd3429b0d51f784bb04d02d2766b1fd (plain)
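# Installs GnuPG tooling and provides a defined type that generates a key
# pair unattended for a service account (by default 'signbot').
class gnupg {
    # Packages and the helper script used for batch key generation.
    class client {
        package { ['gnupg', 'rng-utils']:
            ensure => present,
        }

        # The script is executed as the unprivileged $login account, so it is
        # kept root-owned and not writable by group/other.
        # File modes are written as quoted octal strings: newer Puppet
        # releases require the mode to be a string, and a bare 755 is easy
        # to misread as a decimal number.
        file { '/usr/local/bin/create_gnupg_keys.sh':
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0755',
            content => template('gnupg/create_gnupg_keys.sh'),
        }
    }

    # Debian recommends SHA2 digests with 4096-bit keys
    # (http://wiki.debian.org/Keysigning); as heavy GnuPG users their advice
    # is followed here. On a test VM, generating a 4096-bit key drains the
    # entropy pool, so a smaller $key_length may be passed for testing only.
    #
    # NOTE(review): only the key length is set in this manifest; any digest
    # preference would have to come from the gnupg/batch template or the
    # script, neither of which is visible here -- confirm.
    # NOTE(review): how rng-utils is used to supply entropy is decided in
    # create_gnupg_keys.sh (not shown). Confirm it draws from a real entropy
    # source, otherwise the strength of the generated key is in question.
    #
    # Parameters:
    #   $email, $key_name  - not referenced in this manifest; presumably
    #                        consumed by the gnupg/batch template.
    #   $key_type          - key algorithm, default 'RSA'.
    #   $key_length        - key size in bits, default '4096'.
    #   $expire_date       - key validity, default '400d'.
    #   $login             - account that owns the directories and runs the
    #                        key generation.
    #   $batchdir          - directory holding the batch file and the
    #                        "<name>.done" marker.
    #   $keydir            - directory passed to the script for the keys.
    #
    # NOTE(review): $keydir and $batchdir are declared as file resources
    # inside the define, so declaring this type twice with the same
    # directories will fail with a duplicate resource declaration.
    define keys( $email,
                 $key_name,
                 $key_type = 'RSA',
                 $key_length = '4096',
                 $expire_date = '400d',
                 $login = 'signbot',
                 $batchdir = '/var/lib/signbot/batches',
                 $keydir = '/var/lib/signbot/keys'
                 ) {

        include gnupg::client

        # Key-generation parameters rendered from the template.
        # NOTE(review): no owner or mode is set, so the file gets Puppet's
        # defaults. If the template can ever carry a passphrase, restrict
        # this file to $login (owner => $login, mode => '0600').
        file { "${name}.batch":
            ensure  => present,
            path    => "${batchdir}/${name}.batch",
            content => template('gnupg/batch'),
        }

        # Key material directory: accessible to the owning account only.
        file { $keydir:
            ensure => directory,
            owner  => $login,
            mode   => '0700',
        }

        # NOTE(review): no mode is set here, unlike $keydir; consider '0700'
        # as well if nothing else needs to read the batch files.
        file { $batchdir:
            ensure => directory,
            owner  => $login,
        }

        # Runs once as $login: 'creates' skips the command when the .done
        # marker exists (presumably written by the script on success), so
        # later changes to the parameters do not regenerate the key.
        exec { "/usr/local/bin/create_gnupg_keys.sh ${batchdir}/${name}.batch ${keydir} ${batchdir}/${name}.done":
            user    => $login,
            creates => "${batchdir}/${name}.done",
            require => [File[$keydir], File["${batchdir}/${name}.batch"], Package['rng-utils']],
        }
    }
}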