From 389c04019b6df3dcbaf0c9d34a95601231895092 Mon Sep 17 00:00:00 2001
From: Fredrik Thulin <fredrik@thulin.net>
Date: Thu, 19 Dec 2013 15:11:19 +0100
Subject: Add hiera-gpg for storing secrets used in templates.

---
 global/pre-tasks.d/040hiera-gpg | 52 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100755 global/pre-tasks.d/040hiera-gpg

(limited to 'global/pre-tasks.d/040hiera-gpg')

diff --git a/global/pre-tasks.d/040hiera-gpg b/global/pre-tasks.d/040hiera-gpg
new file mode 100755
index 0000000..e5de6da
--- /dev/null
+++ b/global/pre-tasks.d/040hiera-gpg
@@ -0,0 +1,52 @@
+#!/bin/sh
+#
+# Set up a keyring for Hiera GPG
+#   https://github.com/crayfishx/hiera-gpg
+#
+
+set -e
+
+GNUPGHOME=/etc/hiera/gpg
+export GNUPGHOME
+
+if [ ! -f /usr/lib/ruby/vendor_ruby/gpgme.rb ]; then
+    apt-get update
+    apt-get -y install ruby-gpgme
+fi
+
+
+if [ ! -s $GNUPGHOME/secring.gpg ]; then
+
+    if [ "x$1" != "x--force" ]; then
+	echo ""
+	echo "Automatic Hiera-GPG key generation DISABLED (to not block on missing entropy)"
+	echo ""
+	echo "  Run \`$0 --force' manually"
+	echo ""
+	exit 0
+    fi
+
+    if [ ! -f /usr/bin/gpg2 ]; then
+	apt-get update
+	apt-get -y install gnupg2
+    fi
+
+    mkdir -p $GNUPGHOME
+    chmod 700 $GNUPGHOME
+
+    TMPFILE=$(mktemp /tmp/hiera-gpg.XXXXXX)
+    cat > $TMPFILE <<EOF
+%echo Generating a default key
+Key-Type: default
+Subkey-Type: default
+Name-Real: Cosmos Puppet
+Name-Comment: Hiera GPG key
+Name-Email: root@`hostname --fqdn`
+Expire-Date: 0
+# Do a commit here, so that we can later print "done" :-)
+%commit
+%echo done
+EOF
+    gpg2 --batch --gen-key $TMPFILE
+    rm -f $TMPFILE
+fi
-- 
cgit v1.1