[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl

Mon Jan 17 18:48:43 CET 2011

Le lundi 17 janvier 2011 à 18:30 +0100, nicolas vigier a écrit :
+> On Mon, 17 Jan 2011, Michael Scherer wrote:
+> 
+> > > > > I would recommend using a custom action, as privilege separation sound
+> > > > > like a good idea. I would prefer to avoid signing again the day of
+> > > > > release, for reasons that were already given.
+> > > > >
+> > > > >
+> > > > > Bonus, usage of the module :
+> > > > > ============================
+> > > > >
+> > > > >    gnupg::keys { "cauldron":
+> > > > >        email => "root@$domain",
+> > > > >        key_name => "John the plop",
+> > > > >        key_length => "4096"
+> > > > >    }
+> > > > >
+> > > > > create a key cauldron.sec and cauldron.pub in /etc/gnupg/keys/. I am not
+> > > > > sure of the format ( maybe have it exported would be good ), and I am
+> > > > > not sure that putting everything in this directory is the good location.
+> > > 
+> > > What are the permissions and owner on this directory ?
+> > 
+> > root, 600.
+> > See in the module ( I really need to install viewvc to give url to the
+> > file ).
+> 
+> I think an option to define owner, and path would be useful. Unless we
+> want to run the script to sign packages as root. Should we run it as
+> root, or with a user like "signbot" ? I don't think it needs to be run
+> as root, so I would use a user.
+
+That would make sense indeed, but would requires some addition and
+rewrites. I will look at it.
+
+-- 
+Michael Scherer
+
+