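#!/bin/sh
#
# Set up a keyring for Hiera GPG
# https://github.com/crayfishx/hiera-gpg
#
# Usage: run without arguments to install the Ruby GPGME binding and report
# whether a key exists; run with --force to actually generate the key pair.
#
# Security notes:
#   * The key is generated with %no-protection, i.e. the secret key has no
#     passphrase (presumably so it can be used unattended). Its
#     confidentiality rests entirely on the 0700 mode of $GNUPGHOME and on
#     who has root on this host.
#   * Expire-Date: 0 means the key never expires, so retiring it is a manual
#     step.
#

set -e

GNUPGHOME=/etc/hiera/gpg
export GNUPGHOME

# Install the Ruby GPGME binding if its library file is not present.
if [ ! -f /usr/lib/ruby/vendor_ruby/gpgme.rb ]; then
    apt-get update
    apt-get -y install ruby-gpgme
fi

# Only generate a key when no non-empty secret keyring exists yet.
# NOTE(review): GnuPG 2.1+ stores secret keys under private-keys-v1.d/ and
# does not create secring.gpg; if the installed gpg2 is 2.1 or later this
# test may never see an existing key, and every --force run would add
# another key to the keyring. Confirm against the gpg2 version in use.
if [ ! -s "$GNUPGHOME/secring.gpg" ]; then

    # Key generation is opt-in so that an unattended run never blocks
    # waiting for entropy.
    if [ "x$1" != "x--force" ]; then
        echo ""
        echo "Automatic Hiera-GPG key generation DISABLED (to not block on missing entropy)"
        echo ""
        echo " Run \`$0 --force' manually"
        echo ""
        exit 0
    fi

    if [ ! -f /usr/bin/gpg2 ]; then
        apt-get update
        apt-get -y install gnupg2
    fi

    # Create the directory owner-only from the start (no window with a wider
    # mode), then tighten it anyway in case it already existed.
    mkdir -p -m 700 "$GNUPGHOME"
    chmod 700 "$GNUPGHOME"

    # Resolve the host name up front: a failure inside the here-document
    # would go unnoticed by `set -e' and yield "root@" as the key's address.
    FQDN=$(hostname --fqdn)

    # The parameter file holds no secret material, but remove it on every
    # exit path, including a gpg2 failure that aborts the script via set -e.
    TMPFILE=$(mktemp /tmp/hiera-gpg.XXXXXX)
    trap 'rm -f "$TMPFILE"' EXIT

    cat > "$TMPFILE" <<EOF
%echo Generating a default key
Key-Type: default
Subkey-Type: default
Name-Real: Cosmos Puppet
Name-Comment: Hiera GPG key
Name-Email: root@${FQDN}
Expire-Date: 0
# Do a commit here, so that we can later print "done" :-)
%no-protection
%commit
%echo done
EOF

    gpg2 --batch --gen-key "$TMPFILE"

    rm -f "$TMPFILE"
    trap - EXIT
fi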