Remove passphrase from signing key

author: Jan Dittberner <jandd@cacert.org> 2019-08-02 10:13:02 +0200
committer: Jan Dittberner <jandd@cacert.org> 2019-08-02 10:13:02 +0200
commit: 8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48 (patch)
tree: 6d9e80846a47c5c9c411f33588c3f7c519d35206 /sitemodules
parent: 6809994bea8367ee11c579b8bec8f58a29d73145 (diff)
download: cacert-puppet-8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48.tar.gz
cacert-puppet-8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48.tar.xz
cacert-puppet-8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48.zip
1 files changed, 11 insertions, 22 deletions
diff --git a/sitemodules/profiles/manifests/debarchive.pp b/sitemodules/profiles/manifests/debarchive.pp
index 01a9170..eb89f3e 100644
--- a/sitemodules/profiles/manifests/debarchive.pp
+++ b/sitemodules/profiles/manifests/debarchive.pp
@@ -6,20 +6,16 @@
 # Parameters
 # ----------
 #
-# @param notification_email_address  email address that will receive reports
-#                                    from mini-dinstall
+# @param notification_email_address email address that will receive reports
+#                                   from mini-dinstall
 #
-# @param release_signing_keygrip     GPG keygrip of the release signing key
+# @param release_signing_keyid      GPG key id of the release signing key
 #
-# @param release_signing_keyid       GPG key id of the release signing key
+# @param release_signing_key        data of a GPG key that is used for
+#                                   release file signing
 #
-# @param release_signing_passphrase  passphrase for the release signing key
-#
-# @param release_signing_private_key data of a GPG key that is used for
-#                                    release file signing
-#
-# @param uploaders                   a list of users that are allowed to dput
-#                                    files to the Debian archive
+# @param uploaders                  a list of users that are allowed to dput
+#                                   files to the Debian archive
 #
 # Examples
 # --------
@@ -41,10 +37,8 @@
 #
 class profiles::debarchive (
   String $notification_email_address,
-  String $release_signing_keygrip,
   String $release_signing_keyid,
-  String $release_signing_passphrase,
-  String $release_signing_private_key,
+  String $release_signing_key,
   Array[String] $uploaders = [],
 ) {
   include profiles::base
@@ -154,14 +148,7 @@ class profiles::debarchive (
     owner   => 'debarchive',
     group   => 'nogroup',
     mode    => '0600',
-    content => $release_signing_private_key,
-  }
-  file { "${gpg_home}/passphrase":
-    ensure  => file,
-    owner   => 'debarchive',
-    group   => 'nogroup',
-    mode    => '0600',
-    content => $release_signing_passphrase,
+    content => $release_signing_key,
   }
   file { "${gpg_home}/gpg-agent.conf":
     ensure  => file,
@@ -220,6 +207,7 @@ class profiles::debarchive (
       'Codename: stretch/cacert',
       'Architectures: amd64 source',
       'Components: main',
+      'SignWith: yes',
       '',
       ''], "\n"),
   }
@@ -231,6 +219,7 @@ class profiles::debarchive (
       'Codename: buster/cacert',
       'Architectures: amd64 source',
       'Components: main',
+      'SignWith: yes',
       '',
       ''], "\n"),
   }
author	Jan Dittberner <jandd@cacert.org>	2019-08-02 10:13:02 +0200
committer	Jan Dittberner <jandd@cacert.org>	2019-08-02 10:13:02 +0200
commit	8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48 (patch)
tree	6d9e80846a47c5c9c411f33588c3f7c519d35206 /sitemodules
parent	6809994bea8367ee11c579b8bec8f58a29d73145 (diff)
download	cacert-puppet-8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48.tar.gz cacert-puppet-8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48.tar.xz cacert-puppet-8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48.zip