[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl

Mon Jan 17 18:30:32 CET 2011

On Mon, 17 Jan 2011, Michael Scherer wrote:
+
+> > > > I would recommend using a custom action, as privilege separation sound
+> > > > like a good idea. I would prefer to avoid signing again the day of
+> > > > release, for reasons that were already given.
+> > > >
+> > > >
+> > > > Bonus, usage of the module :
+> > > > ============================
+> > > >
+> > > >    gnupg::keys { "cauldron":
+> > > >        email => "root@$domain",
+> > > >        key_name => "John the plop",
+> > > >        key_length => "4096"
+> > > >    }
+> > > >
+> > > > create a key cauldron.sec and cauldron.pub in /etc/gnupg/keys/. I am not
+> > > > sure of the format ( maybe have it exported would be good ), and I am
+> > > > not sure that putting everything in this directory is the good location.
+> > 
+> > What are the permissions and owner on this directory ?
+> 
+> root, 600.
+> See in the module ( I really need to install viewvc to give url to the
+> file ).
+
+I think an option to define owner, and path would be useful. Unless we
+want to run the script to sign packages as root. Should we run it as
+root, or with a user like "signbot" ? I don't think it needs to be run
+as root, so I would use a user.
+
+