summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/templates
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2019-08-01 21:46:50 +0200
committerJan Dittberner <jandd@cacert.org>2019-08-01 21:46:50 +0200
commita177a645651c2549423af69d9a9ba4317a9bb1b7 (patch)
treeb6262162297f1a7fa9454ce8d9d4b24635fca220 /sitemodules/profiles/templates
parent2062535ef2de36fe6d7656505ddb9aa55f32d69a (diff)
downloadcacert-puppet-a177a645651c2549423af69d9a9ba4317a9bb1b7.tar.gz
cacert-puppet-a177a645651c2549423af69d9a9ba4317a9bb1b7.tar.xz
cacert-puppet-a177a645651c2549423af69d9a9ba4317a9bb1b7.zip
Setup mini-dinstall under debarchive user
Diffstat (limited to 'sitemodules/profiles/templates')
-rw-r--r--sitemodules/profiles/templates/debarchive/sign_release.epp56
-rw-r--r--sitemodules/profiles/templates/mini-dinstall.conf.epp19
2 files changed, 75 insertions, 0 deletions
diff --git a/sitemodules/profiles/templates/debarchive/sign_release.epp b/sitemodules/profiles/templates/debarchive/sign_release.epp
new file mode 100644
index 0000000..27cc187
--- /dev/null
+++ b/sitemodules/profiles/templates/debarchive/sign_release.epp
@@ -0,0 +1,56 @@
+<%- | String $key_id | -%>
+#!/bin/bash
+# -*- coding: utf-8 -*-
+# Script to GPG sign Release files
+# Copyright © 2002 Colin Walters <walters@debian.org>
+# Copyright © 2019 Jan Dittberner <jandd@cacert.org>
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+# Usage:
+
+# You need to create a secret keyring (secring.gpg). You can use your
+# existing one, or create a new one by doing something like the
+# following:
+
+# $ GNUPGHOME=/src/debian/mini-dinstall/s3kr1t gnupg --gen-key
+
+set -e
+
+# User variables
+# MAKE SURE TO MAKE THIS DIRECTORY 0700!
+export GNUPGHOME=/srv/debarchive/.gnupg
+if [ ! -d "$GNUPGHOME" ]; then
+ mkdir -p "$GNUPGHOME"
+fi
+if [ -z "$USER" ]; then
+ USER=$(id -n -u)
+fi
+# This is just a default value
+KEYID="<%= $key_id %>"
+PASSPHRASE=$(cat "$GNUPGHOME/passphrase")
+
+# These should fail if for some reason the directory isn't owned by us
+chown "$USER" "$GNUPGHOME"
+chmod 0700 "$GNUPGHOME"
+
+# Initialize GPG
+gpg --help 1>/dev/null 2>&1 || true
+
+rm -f Release.gpg.tmp InRelease.tmp
+echo "$PASSPHRASE" | gpg --batch --no-tty --passphrase-fd 0 --pinentry-mode loopback --default-key "$KEYID" --detach-sign -o Release.gpg.tmp "$1"
+mv Release.gpg.tmp Release.gpg
+echo "$PASSPHRASE" | gpg --batch --no-tty --passphrase-fd 0 --pinentry-mode loopback --default-key "$KEYID" --clearsign -o InRelease.tmp "$1"
+mv InRelease.tmp InRelease
diff --git a/sitemodules/profiles/templates/mini-dinstall.conf.epp b/sitemodules/profiles/templates/mini-dinstall.conf.epp
new file mode 100644
index 0000000..221127a
--- /dev/null
+++ b/sitemodules/profiles/templates/mini-dinstall.conf.epp
@@ -0,0 +1,19 @@
+<%- | String $mail_to |-%>
+[DEFAULT]
+archivedir=/srv/debarchive/archive
+incoming_permissions=0700
+keyrings=/srv/debarchive/cacert-keyring.gpg
+logfile=/srv/debarchive/log/mini-dinstall.log
+mail_to=<%= $mail_to %>
+verify_sigs=True
+archive_style=flat
+generate_release=True
+architectures=source, all, amd64
+
+[cacert]
+release_codename=cacert
+release_description=CAcert Debian package releases
+release_label=cacert
+release_origin=cacert
+release_suite=cacert
+release_signscript=/srv/debarchive/scripts/sign_release