[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl
root at mageia.org
root at mageia.org
Mon Jan 17 16:24:10 CET 2011
Revision: 814
Author: misc
Date: 2011-01-17 16:24:10 +0100 (Mon, 17 Jan 2011)
Log Message:
-----------
- add a module to generate GnuPG keys (similar to the one for OpenSSL
certs)
Added Paths:
-----------
puppet/modules/gnupg/
puppet/modules/gnupg/manifests/
puppet/modules/gnupg/manifests/init.pp
puppet/modules/gnupg/templates/
puppet/modules/gnupg/templates/batch
puppet/modules/gnupg/templates/create_gnupg_keys.sh
Added: puppet/modules/gnupg/manifests/init.pp
===================================================================
--- puppet/modules/gnupg/manifests/init.pp (rev 0)
+++ puppet/modules/gnupg/manifests/init.pp 2011-01-17 15:24:10 UTC (rev 814)
@@ -0,0 +1,54 @@
+class gnupg {
+ class client {
+ package { ["gnupg","rng-utils"]:
+ ensure => present,
+ }
+
+ file { ["/etc/gnupg", "/etc/gnupg/batches"]:
+ ensure => directory,
+ }
+
+ file { "/etc/gnupg/keys":
+ ensure => directory,
+ mode => 600,
+ owner => root,
+ group => root
+ }
+
+ file { "/usr/local/bin/create_gnupg_keys.sh":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 755,
+ content => template('gnupg/create_gnupg_keys.sh')
+ }
+ }
+
+ # debian recommend SHA2, with 4096
+ # http://wiki.debian.org/Keysigning
+ # as they are heavy users of gpg, I will tend
+ # to follow them
+ # however, for testing purpose, 4096 is too strong,
+ # this empty the entropy of my vm
+ define keys( $email,
+ $key_name,
+ $key_type = 'RSA',
+ $key_length = '1024',
+ $expire_date = '1m'
+ ) {
+
+ include gnupg::client
+ file { "$name.batch":
+ ensure => present,
+ path => "/etc/gnupg/batches/$name.batch",
+ content => template("gnupg/batch")
+ }
+
+ # TODO make sure the perm are good
+ exec { "/usr/local/bin/create_gnupg_keys.sh $name":
+ user => root,
+ creates => "/etc/gnupg/keys/$name.secring",
+ require => File["/etc/gnupg/batches/$name.batch"]
+ }
+ }
+}
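Review bot: The `creates => "/etc/gnupg/keys/$name.secring"` guard on the exec never matches what the batch template actually writes (`%secring <%= name %>.sec`, landing in the keys directory), so the exec re-runs on every agent run and silently regenerates the key, invalidating any public key already distributed; use `creates => "/etc/gnupg/keys/$name.sec"` or change the template to emit `.secring`. The `/etc/gnupg/keys` directory is given `mode => 600`; root bypasses DAC so it works, but a private-key directory is conventionally `0700` (traversable by its owner), which would also let you close the `TODO make sure the perm are good`. `$name` is interpolated unquoted into the exec command, so a define title containing whitespace or shell metacharacters is word-split by the shell — fine only while titles are manifest-controlled, which deserves a comment such as `# $name must be a simple token: it is used unquoted in a shell command and as a file name`.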
Added: puppet/modules/gnupg/templates/batch
===================================================================
--- puppet/modules/gnupg/templates/batch (rev 0)
+++ puppet/modules/gnupg/templates/batch 2011-01-17 15:24:10 UTC (rev 814)
@@ -0,0 +1,12 @@
+%echo Generating a standard key
+Key-Type: <%= key_type %>
+Key-Length: <%= key_length %>
+Name-Real: <%= key_name %>
+Name-Comment: Key made by puppet on <%= fqdn %>
+Name-Email: <%= email %>
+Expire-Date: <%= expire_date %>
+%pubring <%= name %>.pub
+%secring <%= name %>.sec
+%commit
+%echo done
+
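Review bot: The batch contains no `Passphrase:` line, so in gpg's batch mode the generated secret key has no passphrase and is protected on disk only by the permissions of `/etc/gnupg/keys`. That is a defensible choice for an unattended, puppet-managed key, but it should be stated in the template so the next maintainer does not assume otherwise, e.g. an ERB comment `<%# no Passphrase: given - the secret key is stored unencrypted; protection relies entirely on the keys directory permissions %>`. `Name-Comment` also embeds the agent's `fqdn` into a user ID that travels with the public key; if the key is ever exported outside the infrastructure this discloses internal hostnames, so a one-line note on whether that is intended would help.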
Added: puppet/modules/gnupg/templates/create_gnupg_keys.sh
===================================================================
--- puppet/modules/gnupg/templates/create_gnupg_keys.sh (rev 0)
+++ puppet/modules/gnupg/templates/create_gnupg_keys.sh 2011-01-17 15:24:10 UTC (rev 814)
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+NAME=$1
+
+/sbin/rngd -f -r /dev/urandom &
+RAND=$!
+cd /etc/gnupg/keys/
+gpg --homedir /etc/gnupg/keys/ --batch --gen-key /etc/gnupg/batches/$NAME.batch
+EXIT=$?
+
+kill $RAND
+
+exit $EXIT
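Review bot: `rngd -f -r /dev/urandom` reads the kernel's own non-blocking output and feeds it back into the pool with entropy credit, so gpg's reads from /dev/random stop waiting for real entropy during key generation — the resulting keys are only as good as the pool that the comment in init.pp says is already empty on the VM. Either point rngd at a genuine source (its default `/dev/hwrng`, or a virtio-rng device if the hosts have one) or accept slow generation; at minimum the line needs a comment such as `# WARNING: -r /dev/urandom defeats entropy accounting; do not rely on this for production keys`. `$NAME` is also used unquoted and unvalidated in the batch path and `cd` is unchecked, so a name containing spaces, `/` or `..` escapes `/etc/gnupg/batches`; a name check and quoting, with the `cd` moved before rngd is started so a failure leaves nothing running, would close that:
```shell
NAME=$1
case "$NAME" in
    ""|*[!A-Za-z0-9._-]*) echo "create_gnupg_keys: invalid key name '$NAME'" >&2; exit 2 ;;
esac
cd /etc/gnupg/keys/ || exit 1
# … unchanged: rngd start (see note above) …
gpg --homedir /etc/gnupg/keys/ --batch --gen-key "/etc/gnupg/batches/$NAME.batch"
# … unchanged: capture exit status, kill rngd, exit …
```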