2 files changed, 38 insertions, 0 deletions

diff --git a/deployment/releasekey/manifests/init.pp b/deployment/releasekey/manifests/init.pp
new file mode 100644
index 00000000..a3c99526
--- /dev/null
+++ b/deployment/releasekey/manifests/init.pp
@@ -0,0 +1,27 @@
+class releasekey {
+    $sign_login = 'releasekey'
+    $sign_home_dir = "/var/lib/${sign_login}"
+    $sign_keydir = "${sign_home_dir}/keys"
+    group { $sign_login: }
+
+    user { $sign_login:
+        comment => 'System user to sign Mageia Releases',
+        home    => $sign_home_dir,
+        gid     => $sign_login,
+        require => Group[$sign_login],
+    }
+
+    gnupg::keys{ 'release':
+        email    => "release@${::domain}",
+        #FIXME there should be a variable somewhere to change the name of the distribution
+        key_name => 'Mageia Release',
+        login    => $sign_login,
+        batchdir => "${sign_home_dir}/batches",
+        keydir   => $sign_keydir,
+        require  => User[$sign_login],
+    }
+
+    mga_common::local_script { 'sign_checksums':
+        content => template('releasekey/sign_checksums'),
+    }
+}
diff --git a/deployment/releasekey/templates/sign_checksums b/deployment/releasekey/templates/sign_checksums
new file mode 100644
index 00000000..5edf7e57
--- /dev/null
+++ b/deployment/releasekey/templates/sign_checksums
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ $# -lt 1 ]; then
+	echo "Usage: $0 <directory>"
+fi
+
+directory=$1
+cd "$directory"
+for chksum in *.md5 *.sha3 *.sha512; do
+	gpg --homedir "<%= @sign_keydir %>" --yes --sign "$chksum"
+done