summaryrefslogtreecommitdiff
path: root/sitemodules
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2019-08-02 10:13:02 +0200
committerJan Dittberner <jandd@cacert.org>2019-08-02 10:13:02 +0200
commit8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48 (patch)
tree6d9e80846a47c5c9c411f33588c3f7c519d35206 /sitemodules
parent6809994bea8367ee11c579b8bec8f58a29d73145 (diff)
downloadcacert-puppet-8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48.tar.gz
cacert-puppet-8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48.tar.xz
cacert-puppet-8f07f7e27b1f8fb180aaa385adf7a691b9f2fd48.zip
Remove passphrase from signing key
Diffstat (limited to 'sitemodules')
-rw-r--r--sitemodules/profiles/manifests/debarchive.pp33
1 files changed, 11 insertions, 22 deletions
diff --git a/sitemodules/profiles/manifests/debarchive.pp b/sitemodules/profiles/manifests/debarchive.pp
index 01a9170..eb89f3e 100644
--- a/sitemodules/profiles/manifests/debarchive.pp
+++ b/sitemodules/profiles/manifests/debarchive.pp
@@ -6,20 +6,16 @@
# Parameters
# ----------
#
-# @param notification_email_address email address that will receive reports
-# from mini-dinstall
+# @param notification_email_address email address that will receive reports
+# from mini-dinstall
#
-# @param release_signing_keygrip GPG keygrip of the release signing key
+# @param release_signing_keyid GPG key id of the release signing key
#
-# @param release_signing_keyid GPG key id of the release signing key
+# @param release_signing_key data of a GPG key that is used for
+# release file signing
#
-# @param release_signing_passphrase passphrase for the release signing key
-#
-# @param release_signing_private_key data of a GPG key that is used for
-# release file signing
-#
-# @param uploaders a list of users that are allowed to dput
-# files to the Debian archive
+# @param uploaders a list of users that are allowed to dput
+# files to the Debian archive
#
# Examples
# --------
@@ -41,10 +37,8 @@
#
class profiles::debarchive (
String $notification_email_address,
- String $release_signing_keygrip,
String $release_signing_keyid,
- String $release_signing_passphrase,
- String $release_signing_private_key,
+ String $release_signing_key,
Array[String] $uploaders = [],
) {
include profiles::base
@@ -154,14 +148,7 @@ class profiles::debarchive (
owner => 'debarchive',
group => 'nogroup',
mode => '0600',
- content => $release_signing_private_key,
- }
- file { "${gpg_home}/passphrase":
- ensure => file,
- owner => 'debarchive',
- group => 'nogroup',
- mode => '0600',
- content => $release_signing_passphrase,
+ content => $release_signing_key,
}
file { "${gpg_home}/gpg-agent.conf":
ensure => file,
@@ -220,6 +207,7 @@ class profiles::debarchive (
'Codename: stretch/cacert',
'Architectures: amd64 source',
'Components: main',
+ 'SignWith: yes',
'',
''], "\n"),
}
@@ -231,6 +219,7 @@ class profiles::debarchive (
'Codename: buster/cacert',
'Architectures: amd64 source',
'Components: main',
+ 'SignWith: yes',
'',
''], "\n"),
}