[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl

Michael Scherer misc at zarb.org
Mon Jan 17 18:48:43 CET 2011


Le lundi 17 janvier 2011 à 18:30 +0100, nicolas vigier a écrit :
> On Mon, 17 Jan 2011, Michael Scherer wrote:
> 
> > > > > I would recommend using a custom action, as privilege separation sound
> > > > > like a good idea. I would prefer to avoid signing again the day of
> > > > > release, for reasons that were already given.
> > > > >
> > > > >
> > > > > Bonus, usage of the module :
> > > > > ============================
> > > > >
> > > > >    gnupg::keys { "cauldron":
> > > > >        email => "root@$domain",
> > > > >        key_name => "John the plop",
> > > > >        key_length => "4096"
> > > > >    }
> > > > >
> > > > > create a key cauldron.sec and cauldron.pub in /etc/gnupg/keys/. I am not
> > > > > sure of the format ( maybe have it exported would be good ), and I am
> > > > > not sure that putting everything in this directory is the good location.
> > > 
> > > What are the permissions and owner on this directory ?
> > 
> > root, 600.
> > See in the module ( I really need to install viewvc to give url to the
> > file ).
> 
> I think an option to define owner, and path would be useful. Unless we
> want to run the script to sign packages as root. Should we run it as
> root, or with a user like "signbot" ? I don't think it needs to be run
> as root, so I would use a user.

That would make sense indeed, but would requires some addition and
rewrites. I will look at it.

-- 
Michael Scherer



More information about the Mageia-sysadm mailing list