[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl

root at mageia.org root at mageia.org
Mon Jan 17 16:24:10 CET 2011


Revision: 814
Author:   misc
Date:     2011-01-17 16:24:10 +0100 (Mon, 17 Jan 2011)
Log Message:
-----------
- add a module to generate GnuPG keys (similar to the one for OpenSSL
  certs)

Added Paths:
-----------
    puppet/modules/gnupg/
    puppet/modules/gnupg/manifests/
    puppet/modules/gnupg/manifests/init.pp
    puppet/modules/gnupg/templates/
    puppet/modules/gnupg/templates/batch
    puppet/modules/gnupg/templates/create_gnupg_keys.sh

Added: puppet/modules/gnupg/manifests/init.pp
===================================================================
--- puppet/modules/gnupg/manifests/init.pp	                        (rev 0)
+++ puppet/modules/gnupg/manifests/init.pp	2011-01-17 15:24:10 UTC (rev 814)
@@ -0,0 +1,54 @@
+class gnupg {
+    class client {
+        package { ["gnupg","rng-utils"]:
+            ensure => present,
+        }
+        
+        file { ["/etc/gnupg", "/etc/gnupg/batches"]:
+            ensure => directory,
+        }
+
+        file { "/etc/gnupg/keys":
+            ensure => directory,
+            mode => 600,
+            owner => root,
+            group => root
+        }
+
+        file { "/usr/local/bin/create_gnupg_keys.sh":
+             ensure => present,
+             owner => root,
+             group => root,
+             mode => 755,
+             content => template('gnupg/create_gnupg_keys.sh')
+        }
+    }
+
+    # debian recommend SHA2, with 4096
+    # http://wiki.debian.org/Keysigning
+    # as they are heavy users of gpg, I will tend 
+    # to follow them
+    # however, for testing purpose, 4096 is too strong, 
+    # this empty the entropy of my vm
+    define keys( $email,
+                 $key_name,
+                 $key_type = 'RSA',
+                 $key_length = '1024',
+                 $expire_date = '1m'
+                 ) {
+
+            include gnupg::client
+            file { "$name.batch":
+                ensure => present,
+                path => "/etc/gnupg/batches/$name.batch",
+                content => template("gnupg/batch")
+            }
+
+            # TODO make sure the perm are good  
+            exec { "/usr/local/bin/create_gnupg_keys.sh $name":
+                 user => root,
+                 creates => "/etc/gnupg/keys/$name.secring",
+                 require => File["/etc/gnupg/batches/$name.batch"]
+            }
+    }
+}
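Review bot: The exec's guard `creates => "/etc/gnupg/keys/$name.secring"` names a file that nothing in this commit produces: the batch template writes the secret ring as `%secring <%= name %>.sec`, so the guard never matches and `create_gnupg_keys.sh $name` re-runs on every agent run, with gpg most likely appending a fresh key pair to the existing rings each time. Align the suffixes, e.g. `creates => "/etc/gnupg/keys/$name.sec",`. The `mode => 600` on the `/etc/gnupg/keys` directory also drops the execute bit; a directory holding private key material is conventionally `mode => 700`, which is presumably what `# TODO make sure the perm are good` is about. Since `$key_length = '1024'` and `$expire_date = '1m'` are explicitly test defaults per the comment above the define, that comment should say that production callers must pass `key_length => '4096'` and a real expiry rather than relying on the defaults.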

Added: puppet/modules/gnupg/templates/batch
===================================================================
--- puppet/modules/gnupg/templates/batch	                        (rev 0)
+++ puppet/modules/gnupg/templates/batch	2011-01-17 15:24:10 UTC (rev 814)
@@ -0,0 +1,12 @@
+%echo Generating a standard key
+Key-Type: <%= key_type %>
+Key-Length: <%= key_length %>
+Name-Real: <%= key_name %>
+Name-Comment: Key made by puppet on <%= fqdn %> 
+Name-Email: <%= email %>
+Expire-Date: <%= expire_date %>
+%pubring <%= name %>.pub
+%secring <%= name %>.sec
+%commit
+%echo done
+
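Review bot: The template has no `Passphrase:` line, so with gpg 1.x's unattended mode the secret key written to `<%= name %>.sec` is stored unencrypted and its confidentiality rests entirely on the permissions of the key directory; newer gpg 2.x releases instead expect an explicit `%no-protection` or fall back to pinentry, which would stall a batch run. That is a defensible choice for an automated host key, but it should be stated in the template, e.g. `<%# no Passphrase: deliberate, the key is used unattended; protection is the root-only key directory %>`. The `%pubring`/`%secring` paths are relative, so the rings land in whatever the caller's working directory is; a second comment noting that the wrapper script is expected to `cd` into the key directory first would keep the two files from drifting apart.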

Added: puppet/modules/gnupg/templates/create_gnupg_keys.sh
===================================================================
--- puppet/modules/gnupg/templates/create_gnupg_keys.sh	                        (rev 0)
+++ puppet/modules/gnupg/templates/create_gnupg_keys.sh	2011-01-17 15:24:10 UTC (rev 814)
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+NAME=$1
+
+/sbin/rngd -f -r /dev/urandom &
+RAND=$!
+cd /etc/gnupg/keys/
+gpg --homedir /etc/gnupg/keys/ --batch --gen-key /etc/gnupg/batches/$NAME.batch 
+EXIT=$?
+
+kill $RAND
+
+exit $EXIT
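Review bot: `$NAME` is used unquoted and unchecked at `gpg ... --gen-key /etc/gnupg/batches/$NAME.batch`, so an empty first argument silently points gpg at `/etc/gnupg/batches/.batch`, and `cd /etc/gnupg/keys/` is unchecked even though the batch file's `%pubring`/`%secring` paths are relative to the working directory. Quoting, an argument check, a guarded `cd`, and a `umask 077` so that the rings gpg creates are never readable beyond root address this. The `/sbin/rngd -f -r /dev/urandom` line also deserves a comment: feeding urandom back into the kernel pool only stops `/dev/random` from blocking and adds no entropy, so on a freshly booted VM with little seed entropy the key is derived from a pool gpg would otherwise have waited on; that matches the "testing purpose" caveat in init.pp, but production keys should come from a hardware RNG or a proper entropy daemon instead.
```shell
NAME="$1"
[ -n "$NAME" ] || { echo "usage: $0 <key name>" >&2; exit 1; }
# restrict the rings gpg writes into /etc/gnupg/keys to root, whatever gpg's own default is
umask 077

# rngd -r /dev/urandom only keeps /dev/random from blocking; it adds no real entropy (test keys only)
/sbin/rngd -f -r /dev/urandom &
RAND=$!
cd /etc/gnupg/keys/ || { kill "$RAND"; exit 1; }
gpg --homedir /etc/gnupg/keys/ --batch --gen-key "/etc/gnupg/batches/$NAME.batch"
# … unchanged: EXIT=$?, kill, exit …
```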

