1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
class gnupg {
class client {
package { ["gnupg","rng-utils"]:
ensure => present,
}
file { "/usr/local/bin/create_gnupg_keys.sh":
ensure => present,
owner => root,
group => root,
mode => 755,
content => template('gnupg/create_gnupg_keys.sh')
}
}
# debian recommend SHA2, with 4096
# http://wiki.debian.org/Keysigning
# as they are heavy users of gpg, I will tend
# to follow them
# however, for testing purpose, 4096 is too strong,
# this empty the entropy of my vm
define keys( $email,
$key_name,
$key_type = 'RSA',
$key_length = '4096',
$expire_date = '400d',
$login = 'signbot',
$batchdir = '/var/lib/signbot/batches',
$keydir = '/var/lib/signbot/keys'
) {
include gnupg::client
file { "$name.batch":
ensure => present,
path => "$batchdir/$name.batch",
content => template("gnupg/batch")
}
file { "$keydir":
ensure => directory,
owner => $login,
mode => 700,
}
file { "$batchdir":
ensure => directory,
owner => $login,
}
exec { "/usr/local/bin/create_gnupg_keys.sh $batchdir/$name.batch $keydir $batchdir/$name.done":
user => $login,
creates => "$batchdir/$name.done",
require => [File["$keydir"], File["$batchdir/$name.batch"], Package["rng-utils"]],
}
}
}
|
