path: root/modules/gnupg/manifests/keys.pp
    # Debian recommends SHA2, with 4096-bit keys:
    # http://wiki.debian.org/Keysigning
    # As they are heavy users of gpg, I will tend
    # to follow them.
    # However, for testing purposes, 4096 is too strong:
    # it drains the entropy of my VM.
# Defined type gnupg::keys
#
# Renders a key-generation batch file from the gnupg/batch template and
# runs /usr/local/bin/create_gnupg_keys.sh on it as $login. The exec is
# guarded by `creates`, so Puppet skips it once <batchdir>/<name>.done
# exists.
#
# Parameters:
#   $email, $key_name  mandatory; not used in this manifest itself,
#                      presumably read by the gnupg/batch template.
#   $key_type, $key_length, $expire_date
#                      likewise only visible to the template from here.
#   $login             owner of both directories and the account the
#                      script runs under.
#   $batchdir          holds <name>.batch and the <name>.done marker.
#   $keydir            passed to the script as its second argument;
#                      managed as a 0700 directory.
#
# NOTE(review): $keydir is 0700, but $batchdir has no explicit mode and
# the batch file has neither owner nor mode. If the gnupg/batch template
# ever carries secret material (e.g. a passphrase line), give both an
# explicit owner and a restrictive mode - confirm against the template.
#
# NOTE(review): File[$keydir] and File[$batchdir] are declared inside the
# define, so two gnupg::keys instances sharing the same directories would
# declare the same resources twice - presumably only one instance per
# node is intended; verify against callers.
define gnupg::keys(
    $email,
    $key_name,
    $key_type    = 'RSA',
    $key_length  = '4096',
    $expire_date = '400d',
    $login       = 'signbot',
    $batchdir    = '/var/lib/signbot/batches',
    $keydir      = '/var/lib/signbot/keys'
) {

    include gnupg::client

    # Both paths are used several times below; name them once.
    $batch_file = "${batchdir}/${name}.batch"
    $done_file  = "${batchdir}/${name}.done"

    # Input for the key-generation script, rendered from the template.
    file { "${name}.batch":
        path    => $batch_file,
        content => template('gnupg/batch'),
    }

    # Directory handed to the script for the keys; only $login may enter.
    file { $keydir:
        ensure => directory,
        owner  => $login,
        mode   => '0700',
    }

    # Owned by $login, who runs the script that is given the .done path
    # inside this directory.
    file { $batchdir:
        ensure => directory,
        owner  => $login,
    }

    # Runs unprivileged as $login. Package['rng-utils'] is not declared in
    # this define - presumably it comes from gnupg::client; confirm.
    # NOTE(review): no timeout is set, so Puppet's default exec timeout
    # applies; key generation on a low-entropy host may need longer.
    exec { "/usr/local/bin/create_gnupg_keys.sh ${batch_file} ${keydir} ${done_file}":
        user    => $login,
        creates => $done_file,
        require => [
            File[$keydir],
            File[$batch_file],
            Package['rng-utils']
        ],
    }
}