diff options
-rw-r--r-- | modules/gnupg/manifests/init.pp | 54 | ||||
-rw-r--r-- | modules/gnupg/templates/batch | 12 | ||||
-rw-r--r-- | modules/gnupg/templates/create_gnupg_keys.sh | 13 |
3 files changed, 79 insertions, 0 deletions
diff --git a/modules/gnupg/manifests/init.pp b/modules/gnupg/manifests/init.pp new file mode 100644 index 00000000..b7f5781a --- /dev/null +++ b/modules/gnupg/manifests/init.pp @@ -0,0 +1,54 @@ +class gnupg { + class client { + package { ["gnupg","rng-utils"]: + ensure => present, + } + + file { ["/etc/gnupg", "/etc/gnupg/batches"]: + ensure => directory, + } + + file { "/etc/gnupg/keys": + ensure => directory, + mode => 600, + owner => root, + group => root + } + + file { "/usr/local/bin/create_gnupg_keys.sh": + ensure => present, + owner => root, + group => root, + mode => 755, + content => template('gnupg/create_gnupg_keys.sh') + } + } + + # debian recommend SHA2, with 4096 + # http://wiki.debian.org/Keysigning + # as they are heavy users of gpg, I will tend + # to follow them + # however, for testing purpose, 4096 is too strong, + # this empty the entropy of my vm + define keys( $email, + $key_name, + $key_type = 'RSA', + $key_length = '1024', + $expire_date = '1m' + ) { + + include gnupg::client + file { "$name.batch": + ensure => present, + path => "/etc/gnupg/batches/$name.batch", + content => template("gnupg/batch") + } + + # TODO make sure the perm are good + exec { "/usr/local/bin/create_gnupg_keys.sh $name": + user => root, + creates => "/etc/gnupg/keys/$name.secring", + require => File["/etc/gnupg/batches/$name.batch"] + } + } +} diff --git a/modules/gnupg/templates/batch b/modules/gnupg/templates/batch new file mode 100644 index 00000000..05ffe095 --- /dev/null +++ b/modules/gnupg/templates/batch @@ -0,0 +1,12 @@ +%echo Generating a standard key +Key-Type: <%= key_type %> +Key-Length: <%= key_length %> +Name-Real: <%= key_name %> +Name-Comment: Key made by puppet on <%= fqdn %> +Name-Email: <%= email %> +Expire-Date: <%= expire_date %> +%pubring <%= name %>.pub +%secring <%= name %>.sec +%commit +%echo done + diff --git a/modules/gnupg/templates/create_gnupg_keys.sh b/modules/gnupg/templates/create_gnupg_keys.sh new file mode 100644 index 00000000..fbb41277 --- /dev/null +++ b/modules/gnupg/templates/create_gnupg_keys.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +NAME=$1 + +/sbin/rngd -f -r /dev/urandom & +RAND=$! +cd /etc/gnupg/keys/ +gpg --homedir /etc/gnupg/keys/ --batch --gen-key /etc/gnupg/batches/$NAME.batch +EXIT=$? + +kill $RAND + +exit $EXIT |