dgolja / golja-gnupg
Puppet module for managing GnuPG package and public keys
License: Apache License 2.0
Hi @n1tr0g ,
I'm having an issue similar to this.
Can you please re-package and update the Forge?
Thank you,
Yarden
Hi Guys,
I fixed it with the function 'ensure_packages' in the puppetlabs/stdlib module and created a pull request - #35
Thanks and Regards
Ivan Atanasov
friendly reminder :)
1.2.3 is on the forge but not tagged here.
In the example below key_type is set to private:
gnupg_key { 'hkp_server_20BC0A86':
  ensure     => present,
  key_id     => '20BC0A86',
  user       => 'root',
  key_server => 'hkp://pgp.mit.edu/',
  key_type   => private,
}
which produces the error Use of reserved word: private, must be quoted if intended to be a String value
In our use we are now quoting private, e.g.
gnupg_key { 'hkp_server_20BC0A86':
  ensure     => present,
  key_id     => '20BC0A86',
  user       => 'root',
  key_server => 'hkp://pgp.mit.edu/',
  key_type   => 'private',
}
and the module is continuing to function as expected. Based on that I believe it just needs to be adjusted in the README to be quoted as a string.
Sample regex: http://unix.stackexchange.com/a/157430
Add support for fetching the gpg key through a proxy.
I attempted to add this support here: #17. I've been running this code locally for several weeks.
Applying gnupg_key resources fails if the node running the agent is missing a directory environment matching the environment given in /etc/puppetlabs/puppet/puppet.conf (or on the command-line):
$ puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for server.domain.com
Info: Applying configuration version '1447410145'
Error: Could not find a directory environment named 'testing' anywhere in the path: /etc/puppetlabs/code/environments. Does the directory exist?
Error: /Stage[main]/Freight::Config::Gnupg/Gnupg_key[freight-public-key]/ensure: change from absent to present failed: Could not find a directory environment named 'testing' anywhere in the path: /etc/puppetlabs/code/environments. Does the directory exist?
Error: Could not find a directory environment named 'testing' anywhere in the path: /etc/puppetlabs/code/environments. Does the directory exist?
Error: /Stage[main]/Freight::Config::Gnupg/Gnupg_key[freight-private-key]/ensure: change from absent to present failed: Could not find a directory environment named 'testing' anywhere in the path: /etc/puppetlabs/code/environments. Does the directory exist?
Notice: Applied catalog in 0.36 seconds
This problem can be circumvented by creating the said directory environment on the node that runs the Puppet Agent:
$ mkdir /etc/puppetlabs/code/environments/testing
$ puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for server.domain.com
Info: Applying configuration version '1447410758'
Notice: /Stage[main]/Freight::Config::Gnupg/Gnupg_key[freight-public-key]/ensure: created
Notice: /Stage[main]/Freight::Config::Gnupg/Gnupg_key[freight-private-key]/ensure: created
Notice: Applied catalog in 0.43 seconds
This problem is reproducible on Puppet 4.2.3. I have not tested any of the earlier versions. On the puppetserver side the environment is correctly configured, and nothing suspicious shows up in /var/log/puppetlabs/puppetserver/puppetserver.log. So this failure occurs strictly on the agent side.
We have to manually specify require => User[$someUser] for each gnupg resource defined, to make sure the user is created before the gnupg.
Since we already set the user for the gnupg type, we can autorequire it.
Preparing for Puppet 8 (which needs Ruby 3.2)
Hey dgolja,
Here at puppetlabs, we are currently going through all of our Approved modules on the Puppet Forge. We have some feedback for your module if you would be interested in retaining the approved status. If you are keen on keeping your approved status please ensure you respond as soon as you possibly can.
Many Thanks
The Puppet Approvals Committee.
Hello,
Is it possible to create a new tag with Puppet 8x compatibility?
Thanks.
Has anyone looked at what it would take to upgrade this module to be compatible with puppet v4?
The documentation on the puppet forge suggests that the module is not supported / tested past v4.0
I would like to manage a key only if gpg is installed on a system.
RVM only uses gpg if it is installed, so I would like to replicate this behavior in the RVM module here:
https://forge.puppetlabs.com/maestrodev/rvm
It currently uses an exec for key management, but I would prefer to switch to this module.
Is there any way currently to tell if gpg is already installed? If not, what do you think of adding a fact?
I could write one and submit a PR.
I am using v. 1.2.3.
I use this code in manifest:
create_resources('gnupg_key', $::profiles::common::gpg_keys::user_keys,
  {'ensure' => 'present'})
and this in hiera:
profiles::common::gpg_keys::user_keys:
  'All something something something <[email protected]>':
    key_id: 'someid'
    user: root
    key_content: 'somecontent'
    key_type: public
..and with each puppet run I get:
Notice: /Stage[main]/Profiles::Common::Gpg_user_keys/Gnupg_key[All something something something <[email protected]>]/ensure: created
I think that this started happening when I started to use key name with a space in it...
Hi,
There doesn't appear to be any way to set the trust level of installed keys when using this module to add gnupg keys. This can be necessary if, for example, gpg public keys are being installed which are going to be used to encrypt files (in which case, gpg likes the public keys involved to be trusted).
Could we adapt the module to allow setting of trust levels via a parameter to the gnupg_key type?
Something like:
gnupg_key {
  'mykey - public':
    ensure      => present,
    key_id      => 'a2b4c6f8',
    user        => 'root',
    key_content => "-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----",
    key_trust   => 6,
    key_type    => public;
}
The --import-ownertrust gpg command could be used, to this end.
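An added example, not part of the issue above or of the module's code: a Ruby sketch of what a key_trust parameter would have to feed to gpg --import-ownertrust. Owner-trust records are keyed by the full fingerprint rather than a short key ID such as 'a2b4c6f8'; the function names and SAMPLE_FPR are hypothetical, and a 40-hex-digit (v4) fingerprint is assumed.

```ruby
require 'open3'

# Numeric owner-trust values as written by `gpg --export-ownertrust`.
OWNERTRUST = { undefined: 2, never: 3, marginal: 4, full: 5, ultimate: 6 }.freeze

# Constructed 40-hex-digit fingerprint ending in the key ID from the request.
SAMPLE_FPR = (('A' * 32) + 'A2B4C6F8').freeze

# Build one "FINGERPRINT:LEVEL:" record for `gpg --import-ownertrust`.
# Accepts a level name (:full) or number (6); rejects short key IDs and
# levels gpg does not define, so a typo never reaches the trust database.
def ownertrust_record(fingerprint, trust)
  fpr = fingerprint.delete(' ').upcase
  unless fpr.match?(/\A\h{40}\z/)
    raise ArgumentError, 'need the full 40-hex-digit fingerprint, not a key ID'
  end

  level = trust.is_a?(Symbol) ? OWNERTRUST[trust] : Integer(trust)
  raise ArgumentError, "unknown trust level #{trust.inspect}" unless OWNERTRUST.value?(level)

  "#{fpr}:#{level}:\n"
end

# Feed the records to gpg on stdin, using an argument vector (no shell).
# Must run as the user that owns the keyring.
def import_ownertrust(records, gpg: 'gpg')
  out, status = Open3.capture2e(gpg, '--batch', '--import-ownertrust',
                                stdin_data: records.join)
  raise "gpg --import-ownertrust failed: #{out}" unless status.success?

  true
end
```

Level 6 marks the key as ultimately trusted, which also makes every key it has certified valid, so it is worth restricting to keys whose fingerprint has been verified out of band.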
I'm trying to use the maestrodev rvm module which has this module as a dependency. I have declared the following class into my profile to make sure there was nothing wonky on the call from rvm module:
include ::gnupg
gnupg_key { 'hkp_server_D39DC0E3':
  ensure     => present,
  key_id     => 'D39DC0E3',
  user       => 'root',
  key_server => 'hkp://keys.gnupg.net',
  key_type   => public,
}
From puppet run with debug enabled:
Debug: Executing 'gpg --list-keys --with-colons D39DC0E3'
Error: /Stage[main]/Profiles::cool_app/Gnupg_key[hkp_server_D39DC0E3]: Could not evaluate: undefined method `exitstatus' for #<String:0x00000005111ae8>
When I run the command above manually on the instance this is what I get:
gpg --list-keys --with-colons D39DC0E3
tru::1:1434731668:0:3:1:5
gpg: error reading key: No public key
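An added example, not the module's provider code and not part of the report above: one way to decide whether a key is present from gpg --list-keys --with-colons, keeping the numeric exit code separate from the output string so a missing key is reported as absent instead of raising. The function names and the long key ID in the sample pub line are constructed.

```ruby
require 'open3'

# Interpret `gpg --list-keys --with-colons KEYID` from its stdout and numeric
# exit code. Returns :present, :unusable (revoked, expired, invalid) or :absent.
def key_state(stdout, exit_code, key_id)
  return :absent unless exit_code == 0 # nil (killed by signal) is a failure too

  wanted = key_id.sub(/\A0x/i, '').upcase
  stdout.each_line do |line|
    fields = line.chomp.split(':', -1)
    next unless fields[0] == 'pub'                       # primary key record
    next unless fields[4].to_s.upcase.end_with?(wanted)  # field 5: long key ID

    # Field 2 is the validity: r = revoked, e = expired, i = invalid.
    return %w[r e i].include?(fields[1]) ? :unusable : :present
  end
  :absent
end

# Run gpg with an argument vector (no shell) after checking the key ID is hex.
def gpg_key_state(key_id, gpg: 'gpg')
  unless key_id.match?(/\A(0x)?\h{8,40}\z/i)
    raise ArgumentError, "not a hex key ID: #{key_id.inspect}"
  end

  stdout, _stderr, status = Open3.capture3(gpg, '--batch', '--list-keys',
                                           '--with-colons', key_id)
  key_state(stdout, status.exitstatus, key_id)
end

# Sample data: MISSING is the stdout shown in the report; the pub line is
# constructed, with a made-up long key ID that ends in the short ID.
MISSING = "tru::1:1434731668:0:3:1:5\n"
FOUND   = "tru::1:1434731668:0:3:1:5\n" \
          "pub:-:4096:1:AAAAAAAAD39DC0E3:1412345678:::-:::scESC:\n"
REVOKED = FOUND.sub('pub:-:', 'pub:r:')
```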