path: root/modules/gnupg/manifests/init.pp
blob: b7f5781a08460ef90a8317885473df017f65045d (plain)
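# Manages GnuPG tooling and unattended key generation.
#
# gnupg::client installs the packages, the working directories under
# /etc/gnupg and the key-generation helper script. gnupg::keys writes one
# batch file per key and runs the helper once to create that key.
class gnupg {
    class client {
        package { ["gnupg","rng-utils"]:
            ensure => present,
        }

        file { ["/etc/gnupg", "/etc/gnupg/batches"]:
            ensure => directory,
        }

        # gnupg::keys expects the secret keyring to appear in this directory
        # (see its "creates" path), so it is restricted to root. A directory
        # needs the search (x) bit to be usable: 0600 only worked because
        # root bypasses permission checks, 0700 is the intended "root only".
        file { "/etc/gnupg/keys":
            ensure => directory,
            mode   => '0700',
            owner  => root,
            group  => root,
        }

        # Helper rendered from the gnupg/create_gnupg_keys.sh template;
        # writable by root only because the exec in gnupg::keys runs it as root.
        file { "/usr/local/bin/create_gnupg_keys.sh":
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0755',
            content => template('gnupg/create_gnupg_keys.sh'),
        }
    }

    # Generates one key through a batch file.
    #
    # Parameters (presumably consumed by the gnupg/batch template, which is
    # not part of this file):
    #   $email       - address recorded in the key
    #   $key_name    - name recorded in the key
    #   $key_type    - key algorithm, default 'RSA'
    #   $key_length  - key size in bits, default '1024'
    #   $expire_date - key lifetime, default '1m'
    #
    # Debian recommends SHA2 digests with 4096-bit keys
    # (http://wiki.debian.org/Keysigning); as heavy GnuPG users they are a
    # good reference. The 1024 default exists only because generating a
    # 4096-bit key drained the entropy pool of the test VM.
    # NOTE(review): 1024-bit RSA is below currently accepted strength; pass
    # key_length => '4096' for any key that protects real data.
    #
    # $name ends up in file paths and in the helper's command line, so keep
    # resource titles to a single plain token (no whitespace, no slashes).
    define keys( $email,
                 $key_name,
                 $key_type = 'RSA',
                 $key_length = '1024',
                 $expire_date = '1m'
                 ) {

            include gnupg::client

            # The batch file is only read by the root-run helper, so nobody
            # else needs access to it.
            # NOTE(review): if the gnupg/batch template ever carries a
            # passphrase, this file is as sensitive as the key itself.
            file { "${name}.batch":
                ensure  => present,
                path    => "/etc/gnupg/batches/${name}.batch",
                owner   => root,
                group   => root,
                mode    => '0600',
                content => template("gnupg/batch"),
            }

            # "include" does not order resources, so every prerequisite is
            # listed: the batch file, the helper script, the output directory
            # and the gnupg package the helper presumably calls.
            # "creates" makes the run one-shot: the exec is skipped once the
            # secret keyring exists.
            # TODO: permissions of the generated keyrings are set by the
            # helper script (not visible here); the 0700 key directory
            # shields them from other users in any case.
            exec { "/usr/local/bin/create_gnupg_keys.sh ${name}":
                 user    => root,
                 creates => "/etc/gnupg/keys/${name}.secring",
                 require => [
                     File["/etc/gnupg/batches/${name}.batch"],
                     File["/usr/local/bin/create_gnupg_keys.sh"],
                     File["/etc/gnupg/keys"],
                     Package["gnupg"],
                 ],
            }
    }
}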