Diffstat (limited to 'modules/gnupg/manifests')
-rw-r--r--modules/gnupg/manifests/client.pp17
-rw-r--r--modules/gnupg/manifests/init.pp1
-rw-r--r--modules/gnupg/manifests/keys.pp38
3 files changed, 56 insertions, 0 deletions
diff --git a/modules/gnupg/manifests/client.pp b/modules/gnupg/manifests/client.pp
new file mode 100644
index 00000000..301e569a
--- /dev/null
+++ b/modules/gnupg/manifests/client.pp
@@ -0,0 +1,17 @@
+class gnupg::client {
+if versioncmp($::lsbdistrelease, '7') < 0 {
+ package {['gnupg',
+ 'rng-utils']:
+ }
+} else {
+ package {['gnupg2',
+ 'rng-utils']:
+ }
+}
+
+ mga_common::local_script { 'create_gnupg_keys.sh':
+ content => template('gnupg/create_gnupg_keys.sh')
+ }
+}
+
+
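Review bot: `'rng-utils'` is declared identically in both branches of the `versioncmp` conditional, and none of the `package` resources states an `ensure`. Declaring it once outside the `if`, as `package { 'rng-utils': ensure => installed }`, leaves only the gnupg/gnupg2 choice inside the conditional and keeps the `Package['rng-utils']` reference in keys.pp resolvable. The class installs rng-utils for key generation, but nothing in this hunk manages the rngd service or names its entropy source. The `create_gnupg_keys.sh` template is not shown, so a comment here should say where the entropy for the signing keys is expected to come from.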
diff --git a/modules/gnupg/manifests/init.pp b/modules/gnupg/manifests/init.pp
new file mode 100644
index 00000000..d6ae319d
--- /dev/null
+++ b/modules/gnupg/manifests/init.pp
@@ -0,0 +1 @@
+class gnupg { }
diff --git a/modules/gnupg/manifests/keys.pp b/modules/gnupg/manifests/keys.pp
new file mode 100644
index 00000000..b99ed393
--- /dev/null
+++ b/modules/gnupg/manifests/keys.pp
@@ -0,0 +1,38 @@
+ # debian recommend SHA2, with 4096
+ # https://wiki.debian.org/Keysigning
+ # as they are heavy users of gpg, I will tend
+ # to follow them
+ # however, for testing purpose, 4096 is too strong,
+ # this empty the entropy of my vm
+define gnupg::keys($email,
+ $key_name,
+ $key_type = 'RSA',
+ $key_length = '4096',
+ $expire_date = '400d',
+ $login = 'signbot',
+ $batchdir = '/var/lib/signbot/batches',
+ $keydir = '/var/lib/signbot/keys') {
+
+ include gnupg::client
+ file { "${name}.batch":
+ path => "${batchdir}/${name}.batch",
+ content => template('gnupg/batch')
+ }
+
+ file { $keydir:
+ ensure => directory,
+ owner => $login,
+ mode => '0700',
+ }
+
+ file { $batchdir:
+ ensure => directory,
+ owner => $login,
+ }
+
+ exec { "/usr/local/bin/create_gnupg_keys.sh ${batchdir}/${name}.batch ${keydir} ${batchdir}/${name}.done":
+ user => $login,
+ creates => "${batchdir}/${name}.done",
+ require => [File[$keydir], File["${batchdir}/${name}.batch"], Package['rng-utils']],
+ }
+}
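Review bot: The `file { "${name}.batch":` resource sets no `owner` or `mode`, and `file { $batchdir:` sets no `mode`, so the key-generation parameters fall back to Puppet's defaults, typically root-owned and world-readable, while only `$keydir` is locked to `0700`. The `gnupg/batch` template is not visible, but if it ever carries a passphrase or other sensitive parameters this exposes them to every local user. I would add `owner => $login, mode => '0600',` to the batch file and `mode => '0700',` to `File[$batchdir]`. Separately, `file { $keydir:` and `file { $batchdir:` are declared inside the define, so a second `gnupg::keys` instance using the default directories would presumably fail with a duplicate resource declaration. Moving the two directories into a class, or guarding them, would avoid that.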