[Mageia-sysadm] [814] - add a module to generate gnupg key ( similar to the one for openssl

nicolas vigier boklm at mars-attacks.org
Mon Jan 17 18:30:32 CET 2011


On Mon, 17 Jan 2011, Michael Scherer wrote:

> > > > I would recommend using a custom action, as privilege separation sounds
> > > > like a good idea. I would prefer to avoid signing again the day of
> > > > release, for reasons that were already given.
> > > >
> > > >
> > > > Bonus, usage of the module :
> > > > ============================
> > > >
> > > >    gnupg::keys { "cauldron":
> > > >        email => "root@$domain",
> > > >        key_name => "John the plop",
> > > >        key_length => "4096"
> > > >    }
> > > >
> > > > creates a key cauldron.sec and cauldron.pub in /etc/gnupg/keys/. I am not
> > > > sure of the format ( maybe having it exported would be good ), and I am
> > > > not sure that putting everything in this directory is the right location.
> > 
> > What are the permissions and owner on this directory ?
> 
> root, 600.
> See in the module ( I really need to install viewvc to give url to the
> file ).

I think an option to define owner and path would be useful. Unless we
want to run the script to sign packages as root. Should we run it as
root, or with a user like "signbot"? I don't think it needs to be run
as root, so I would use a user.
