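#!/bin/sh
#
# Set up a keyring for Hiera GPG
# https://github.com/crayfishx/hiera-gpg
#
# Usage: setup-hiera-gpg [--force]
#
# Without --force the script only installs the ruby-gpgme dependency and
# wires up the secrets.yaml.gpg symlink; it never generates a key, because
# unattended key generation can block on a fresh machine waiting for
# entropy. With --force a passphrase-less GPG key pair is generated into
# $GNUPGHOME for use by Puppet/Hiera.
#
# Intentionally POSIX sh: no arrays, no [[ ]].
set -e

GNUPGHOME=/etc/hiera/gpg
export GNUPGHOME

# Print a message to stderr and exit non-zero.
# Arguments: $* - message
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Install a Debian package only if its marker file is absent.
# Arguments: $1 - file whose presence means the package is already installed
#            $2 - package name to apt-get install otherwise
install_if_missing() {
  if [ ! -f "$1" ]; then
    apt-get update
    apt-get -y install "$2"
  fi
}

install_if_missing /usr/lib/ruby/vendor_ruby/gpgme.rb ruby-gpgme

# this is useful to make the cmdline hiera tool work
if [ -f /etc/hiera/data/secrets.yaml.asc ] && [ ! -f /etc/hiera/data/secrets.yaml.gpg ]; then
  (cd /etc/hiera/data && ln -s secrets.yaml.asc secrets.yaml.gpg)
fi

# A keyring already exists if either the legacy secring.gpg or the
# gpg >= 2.1 pubring.kbx is present and non-empty; in that case there is
# nothing more to do.
if [ ! -s "$GNUPGHOME/secring.gpg" ] && [ ! -s "$GNUPGHOME/pubring.kbx" ]; then
  if [ "x$1" != "x--force" ]; then
    echo ""
    echo "Automatic Hiera-GPG key generation DISABLED (to not block on missing entropy)"
    echo ""
    echo " Run \`$0 --force' manually"
    echo ""
    exit 0
  fi

  install_if_missing /usr/bin/gpg2 gnupg2

  # The private key below is stored with %no-protection (no passphrase) so
  # that Puppet/Hiera can use it unattended; the 0700 mode on $GNUPGHOME is
  # therefore the only thing keeping it from other local users.
  mkdir -p "$GNUPGHOME"
  chmod 700 "$GNUPGHOME"

  TMPFILE=$(mktemp /tmp/hiera-gpg.XXXXXX) || die "mktemp failed"
  # Remove the batch file on every exit path, including a failed gpg2 run
  # aborted by set -e.
  trap 'rm -f -- "$TMPFILE"' EXIT

  cat > "$TMPFILE" <<EOF
%echo Generating a default key
Key-Type: default
Subkey-Type: default
Name-Real: Cosmos Puppet
Name-Comment: Hiera GPG key
Name-Email: root@$(hostname --fqdn)
Expire-Date: 0
# Do a commit here, so that we can later print "done" :-)
%no-protection
%commit
%echo done
EOF
  gpg2 --batch --gen-key "$TMPFILE"
fi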