-rw-r--r--modules/gnupg/manifests/init.pp54
-rw-r--r--modules/gnupg/templates/batch12
-rw-r--r--modules/gnupg/templates/create_gnupg_keys.sh13
3 files changed, 79 insertions, 0 deletions
diff --git a/modules/gnupg/manifests/init.pp b/modules/gnupg/manifests/init.pp
new file mode 100644
index 00000000..b7f5781a
--- /dev/null
+++ b/modules/gnupg/manifests/init.pp
@@ -0,0 +1,54 @@
+class gnupg {
+ class client {
+ package { ["gnupg","rng-utils"]:
+ ensure => present,
+ }
+
+ file { ["/etc/gnupg", "/etc/gnupg/batches"]:
+ ensure => directory,
+ }
+
+ file { "/etc/gnupg/keys":
+ ensure => directory,
+ mode => 600,
+ owner => root,
+ group => root
+ }
+
+ file { "/usr/local/bin/create_gnupg_keys.sh":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 755,
+ content => template('gnupg/create_gnupg_keys.sh')
+ }
+ }
+
+ # debian recommend SHA2, with 4096
+ # http://wiki.debian.org/Keysigning
+ # as they are heavy users of gpg, I will tend
+ # to follow them
+ # however, for testing purpose, 4096 is too strong,
+ # this empty the entropy of my vm
+ define keys( $email,
+ $key_name,
+ $key_type = 'RSA',
+ $key_length = '1024',
+ $expire_date = '1m'
+ ) {
+
+ include gnupg::client
+ file { "$name.batch":
+ ensure => present,
+ path => "/etc/gnupg/batches/$name.batch",
+ content => template("gnupg/batch")
+ }
+
+ # TODO make sure the perm are good
+ exec { "/usr/local/bin/create_gnupg_keys.sh $name":
+ user => root,
+ creates => "/etc/gnupg/keys/$name.secring",
+ require => File["/etc/gnupg/batches/$name.batch"]
+ }
+ }
+}
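Review bot: The `creates` guard on the exec checks for `/etc/gnupg/keys/$name.secring`, but the batch template's `%secring` directive writes `<name>.sec`, so the guard never matches and the key pair is regenerated and overwritten on every agent run; change it to `creates => "/etc/gnupg/keys/$name.sec"` (or rename the ring in the template) and quote the interpolated title, `"/usr/local/bin/create_gnupg_keys.sh '$name'"`, since it goes through a shell. The `key_length` default of `'1024'` is below the 4096 the comment itself cites as the recommendation; make the weak value an explicit test-time override rather than the default, e.g. `$key_length = '4096'` with `# 1024 only on entropy-starved test VMs` at the call site. `/etc/gnupg/batches` gets no owner/mode while `/etc/gnupg/keys` does; pin `owner => root, group => root, mode => 0700` on both so the `# TODO make sure the perm are good` can be closed. Puppet adds the search bit to directories that have read bits, so `mode => 600` on the keys dir becomes 0700 in practice, but writing `0700` states the intent.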
diff --git a/modules/gnupg/templates/batch b/modules/gnupg/templates/batch
new file mode 100644
index 00000000..05ffe095
--- /dev/null
+++ b/modules/gnupg/templates/batch
@@ -0,0 +1,12 @@
+%echo Generating a standard key
+Key-Type: <%= key_type %>
+Key-Length: <%= key_length %>
+Name-Real: <%= key_name %>
+Name-Comment: Key made by puppet on <%= fqdn %>
+Name-Email: <%= email %>
+Expire-Date: <%= expire_date %>
+%pubring <%= name %>.pub
+%secring <%= name %>.sec
+%commit
+%echo done
+
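Review bot: The batch has no `Passphrase:` line and no `%no-protection`, so the secret key lands in `<name>.sec` unprotected and its only guard is the permission on the directory the script runs in; if that is the intent for unattended server keys, record it in the template with a line such as `%echo NOTE: no passphrase - secret key protected only by directory permissions`. Under a GnuPG 2.1+ agent an unattended run without `%no-protection` can stall on pinentry instead of producing a key, so adding that directive explicitly makes the template portable. With `Key-Type: RSA` and no `Key-Usage`/`Subkey-Type`, gpg appears to put every usage on the primary key; if these keys are only for signing, `Key-Usage: sign` narrows the blast radius of a leaked `.sec`. The `%pubring`/`%secring` names (`.pub`/`.sec`) must agree with whatever the manifest uses as its `creates` check, which currently expects a `.secring` suffix.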
diff --git a/modules/gnupg/templates/create_gnupg_keys.sh b/modules/gnupg/templates/create_gnupg_keys.sh
new file mode 100644
index 00000000..fbb41277
--- /dev/null
+++ b/modules/gnupg/templates/create_gnupg_keys.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+NAME=$1
+
+/sbin/rngd -f -r /dev/urandom &
+RAND=$!
+cd /etc/gnupg/keys/
+gpg --homedir /etc/gnupg/keys/ --batch --gen-key /etc/gnupg/batches/$NAME.batch
+EXIT=$?
+
+kill $RAND
+
+exit $EXIT
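Review bot: `/sbin/rngd -f -r /dev/urandom` feeds the kernel's own urandom output back into the entropy pool so that gpg's reads from /dev/random stop blocking; this defeats entropy accounting rather than adding entropy, so on a freshly booted VM the key is derived from whatever small seed urandom had, which is exactly the case the blocking was protecting against. Prefer a real source (`-r /dev/hwrng` with virtio-rng on the guest) and keep the loop-back only as a documented test path, e.g. `# TEST ONLY: loops urandom into the pool; do not use for production keys`. Separately, `$NAME` is unquoted on the gpg line and the `cd` is unchecked; since the ring names in the batch file are relative, a failed `cd` drops the `.sec` into the caller's cwd, so use `cd /etc/gnupg/keys/ || exit 1` and `gpg --homedir /etc/gnupg/keys/ --batch --gen-key "/etc/gnupg/batches/$NAME.batch"`. `rngd` is also left running if the script is interrupted before `kill $RAND`; `trap 'kill $RAND' EXIT` right after `RAND=$!` (replacing the explicit kill) covers that.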