author | Jan Dittberner <jandd@cacert.org> | 2019-08-01 21:46:50 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2019-08-01 21:46:50 +0200 |
commit | a177a645651c2549423af69d9a9ba4317a9bb1b7 (patch) | |
tree | b6262162297f1a7fa9454ce8d9d4b24635fca220 /sitemodules/profiles/templates | |
parent | 2062535ef2de36fe6d7656505ddb9aa55f32d69a (diff) | |
Setup mini-dinstall under debarchive user
Diffstat (limited to 'sitemodules/profiles/templates')
-rw-r--r-- | sitemodules/profiles/templates/debarchive/sign_release.epp | 56 | ||||
-rw-r--r-- | sitemodules/profiles/templates/mini-dinstall.conf.epp | 19 |
2 files changed, 75 insertions, 0 deletions
diff --git a/sitemodules/profiles/templates/debarchive/sign_release.epp b/sitemodules/profiles/templates/debarchive/sign_release.epp
new file mode 100644
index 0000000..27cc187
--- /dev/null
+++ b/sitemodules/profiles/templates/debarchive/sign_release.epp
@@ -0,0 +1,56 @@
+<%- | String $key_id | -%>
+#!/bin/bash
+# -*- coding: utf-8 -*-
+# Script to GPG sign Release files
+# Copyright © 2002 Colin Walters <walters@debian.org>
+# Copyright © 2019 Jan Dittberner <jandd@cacert.org>
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Usage:
+
+# You need to create a secret keyring (secring.gpg). You can use your
+# existing one, or create a new one by doing something like the
+# following:
+
+# $ GNUPGHOME=/src/debian/mini-dinstall/s3kr1t gnupg --gen-key
+
+set -e
+
+# User variables
+# MAKE SURE TO MAKE THIS DIRECTORY 0700!
+export GNUPGHOME=/srv/debarchive/.gnupg
+if [ ! -d "$GNUPGHOME" ]; then
+ mkdir -p "$GNUPGHOME"
+fi
+if [ -z "$USER" ]; then
+ USER=$(id -n -u)
+fi
+# This is just a default value
+KEYID="<%= $key_id %>"
+PASSPHRASE=$(cat "$GNUPGHOME/passphrase")
+
+# These should fail if for some reason the directory isn't owned by us
+chown "$USER" "$GNUPGHOME"
+chmod 0700 "$GNUPGHOME"
+
+# Initialize GPG
+gpg --help 1>/dev/null 2>&1 || true
+
+rm -f Release.gpg.tmp InRelease.tmp
+echo "$PASSPHRASE" | gpg --batch --no-tty --passphrase-fd 0 --pinentry-mode loopback --default-key "$KEYID" --detach-sign -o Release.gpg.tmp "$1"
+mv Release.gpg.tmp Release.gpg
+echo "$PASSPHRASE" | gpg --batch --no-tty --passphrase-fd 0 --pinentry-mode loopback --default-key "$KEYID" --clearsign -o InRelease.tmp "$1"
+mv InRelease.tmp InRelease
diff --git a/sitemodules/profiles/templates/mini-dinstall.conf.epp b/sitemodules/profiles/templates/mini-dinstall.conf.epp
new file mode 100644
index 0000000..221127a
--- /dev/null
+++ b/sitemodules/profiles/templates/mini-dinstall.conf.epp
@@ -0,0 +1,19 @@
+<%- | String $mail_to |-%>
+[DEFAULT]
+archivedir=/srv/debarchive/archive
+incoming_permissions=0700
+keyrings=/srv/debarchive/cacert-keyring.gpg
+logfile=/srv/debarchive/log/mini-dinstall.log
+mail_to=<%= $mail_to %>
+verify_sigs=True
+archive_style=flat
+generate_release=True
+architectures=source, all, amd64
+
+[cacert]
+release_codename=cacert
+release_description=CAcert Debian package releases
+release_label=cacert
+release_origin=cacert
+release_suite=cacert
+release_signscript=/srv/debarchive/scripts/sign_release |
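Review bot: In sign_release.epp, `KEYID="<%= $key_id %>"` renders a parameter typed only as `String` into a double-quoted shell string, so a value containing a double quote, `$(` or a backtick becomes shell code in a script that runs next to the archive signing key and its passphrase; constraining the template parameter, e.g. `<%- | Pattern[/\A[0-9A-Fa-f]{8,40}\z/] $key_id | -%>`, closes that off. The same applies to `mail_to=<%= $mail_to %>` in mini-dinstall.conf.epp, where an embedded newline would add further keys to the `[DEFAULT]` section. Separately, both gpg calls select the key with `--default-key "$KEYID"`, which GnuPG 2.1+ treats as a preference and, as far as I know, ignores with a warning when that secret key is missing, signing with the first secret key in the keyring instead; `--local-user "$KEYID"` makes the run fail in that case. The script also reads `$GNUPGHOME/passphrase` before the `chown`/`chmod 0700` lines, so moving those two lines above the `PASSPHRASE=` assignment would make the ownership and mode check happen before the secret is touched.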