From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-sysadm/2011-January/002162.html | 120 +++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 zarb-ml/mageia-sysadm/2011-January/002162.html (limited to 'zarb-ml/mageia-sysadm/2011-January/002162.html') diff --git a/zarb-ml/mageia-sysadm/2011-January/002162.html b/zarb-ml/mageia-sysadm/2011-January/002162.html new file mode 100644 index 000000000..4b27c01db --- /dev/null +++ b/zarb-ml/mageia-sysadm/2011-January/002162.html @@ -0,0 +1,120 @@ + + + + [Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl + + + + + + + + + +

[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl

+ Michael Scherer + misc at zarb.org +
+ Mon Jan 17 18:19:35 CET 2011 +

+
+ +
+> > >
+> > > How do we sign
+> > > ==============
+> > >
+> > > Again, point 3 have a impact here. Either we sign when uploaded, using
+> > > youri, or using a custom action ( as current one do not permit to change
+> > > uid ), or we use some custom cronjob to sign.
+> 
+> I vote too for using a custom action, to store the key on a separate
+> account, and use it with a script run with sudo.
+> 
+> It can be done with a cron job too, but it will slower I think. Is there
+> any advantage doing it with a cron job ?
+
+No. But as we will also use a cronjob to recreate hdlist, this would
+have made sense maybe.
+
+> > >
+> > > Or we sign when the release is made.
+> 
+> That would mean having unsigned cauldron packages ?
+
+that would ease the PLF hidden secret plan, but no, I wanted to say
+"resign packages".
+
+> > >
+> > > I would recommend using a custom action, as privilege separation sound
+> > > like a good idea. I would prefer to avoid signing again the day of
+> > > release, for reasons that were already given.
+> > >
+> > >
+> > > Bonus, usage of the module :
+> > > ============================
+> > >
+> > >    gnupg::keys { "cauldron":
+> > >        email => "root@$domain",
+> > >        key_name => "John the plop",
+> > >        key_length => "4096"
+> > >    }
+> > >
+> > > create a key cauldron.sec and cauldron.pub in /etc/gnupg/keys/. I am not
+> > > sure of the format ( maybe have it exported would be good ), and I am
+> > > not sure that putting everything in this directory is the good location.
+> 
+> What are the permissions and owner on this directory ?
+
+root, 600.
+See in the module ( I really need to install viewvc to give url to the
+file ).
+
+-- 
+Michael Scherer
+
+
+ + + + + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1
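Review bot: The author header near the top of the added page keeps the poster's address as "misc at zarb.org", which is only cosmetic obfuscation, and once this file is committed the address stays in the repository history even if the list archive is later edited or taken down. Decide before import whether addresses in these archive pages should be masked. The commit subject "Add zarb MLs html archives" should also say where the files were copied from and whether they are verbatim copies, so a later reader can tell imported archive content from project-maintained files.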