zarb-ml/mageia-sysadm/2011-January/002166.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B814%5D%20-%20add%20a%20module%20to%20generate%20gnupg%20key%20%28%0A%20similar%20to%20the%20one%20for%20openssl&In-Reply-To=%3C1295286523.24697.72.camel%40akroma.ephaone.org%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="002165.html">
   <LINK REL="Next"  HREF="002157.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl</H1>
    <B>Michael Scherer</B> 
    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20%5B814%5D%20-%20add%20a%20module%20to%20generate%20gnupg%20key%20%28%0A%20similar%20to%20the%20one%20for%20openssl&In-Reply-To=%3C1295286523.24697.72.camel%40akroma.ephaone.org%3E"
       TITLE="[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl">misc at zarb.org
       </A><BR>
    <I>Mon Jan 17 18:48:43 CET 2011</I>
    <P><UL>
        <LI>Previous message: <A HREF="002165.html">[Mageia-sysadm] [814] - add a module to generate gnupg key	(	similar to the one for openssl
</A></li>
        <LI>Next message: <A HREF="002157.html">[Mageia-sysadm] [311] Do not let ulri run again until emi finished
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2166">[ date ]</a>
              <a href="thread.html#2166">[ thread ]</a>
              <a href="subject.html#2166">[ subject ]</a>
              <a href="author.html#2166">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>Le lundi 17 janvier 2011 &#224; 18:30 +0100, nicolas vigier a &#233;crit :
&gt;<i> On Mon, 17 Jan 2011, Michael Scherer wrote:
</I>&gt;<i> 
</I>&gt;<i> &gt; &gt; &gt; &gt; I would recommend using a custom action, as privilege separation sound
</I>&gt;<i> &gt; &gt; &gt; &gt; like a good idea. I would prefer to avoid signing again the day of
</I>&gt;<i> &gt; &gt; &gt; &gt; release, for reasons that were already given.
</I>&gt;<i> &gt; &gt; &gt; &gt;
</I>&gt;<i> &gt; &gt; &gt; &gt;
</I>&gt;<i> &gt; &gt; &gt; &gt; Bonus, usage of the module :
</I>&gt;<i> &gt; &gt; &gt; &gt; ============================
</I>&gt;<i> &gt; &gt; &gt; &gt;
</I>&gt;<i> &gt; &gt; &gt; &gt;    gnupg::keys { &quot;cauldron&quot;:
</I>&gt;<i> &gt; &gt; &gt; &gt;        email =&gt; &quot;root@$domain&quot;,
</I>&gt;<i> &gt; &gt; &gt; &gt;        key_name =&gt; &quot;John the plop&quot;,
</I>&gt;<i> &gt; &gt; &gt; &gt;        key_length =&gt; &quot;4096&quot;
</I>&gt;<i> &gt; &gt; &gt; &gt;    }
</I>&gt;<i> &gt; &gt; &gt; &gt;
</I>&gt;<i> &gt; &gt; &gt; &gt; create a key cauldron.sec and cauldron.pub in /etc/gnupg/keys/. I am not
</I>&gt;<i> &gt; &gt; &gt; &gt; sure of the format ( maybe have it exported would be good ), and I am
</I>&gt;<i> &gt; &gt; &gt; &gt; not sure that putting everything in this directory is the good location.
</I>&gt;<i> &gt; &gt; 
</I>&gt;<i> &gt; &gt; What are the permissions and owner on this directory ?
</I>&gt;<i> &gt; 
</I>&gt;<i> &gt; root, 600.
</I>&gt;<i> &gt; See in the module ( I really need to install viewvc to give url to the
</I>&gt;<i> &gt; file ).
</I>&gt;<i> 
</I>&gt;<i> I think an option to define owner, and path would be useful. Unless we
</I>&gt;<i> want to run the script to sign packages as root. Should we run it as
</I>&gt;<i> root, or with a user like &quot;signbot&quot; ? I don't think it needs to be run
</I>&gt;<i> as root, so I would use a user.
</I>
That would make sense indeed, but would requires some addition and
rewrites. I will look at it.

-- 
Michael Scherer

</PRE>


<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
	<LI>Previous message: <A HREF="002165.html">[Mageia-sysadm] [814] - add a module to generate gnupg key	(	similar to the one for openssl
</A></li>
	<LI>Next message: <A HREF="002157.html">[Mageia-sysadm] [311] Do not let ulri run again until emi finished
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#2166">[ date ]</a>
              <a href="thread.html#2166">[ thread ]</a>
              <a href="subject.html#2166">[ subject ]</a>
              <a href="author.html#2166">[ author ]</a>
         </LI>
       </UL>

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>