README.md 1.78 KB
Newer Older
Stefan Schulte's avatar
Stefan Schulte committed
1
2
3
Puppet RPMKEY Module
====================

Stefan Schulte's avatar
Stefan Schulte committed
4
5
[![Build Status](https://travis-ci.org/stschulte/puppet-rpmkey.png?branch=master)](https://travis-ci.org/stschulte/puppet-rpmkey)

Stefan Schulte's avatar
Stefan Schulte committed
6
7
8
9
10
11
12
13
14
15
16
17
This repository aims to ease the GPG keymanagement with rpm

New facts
---------
(currently none)

New functions
-------------
(currently none)

New custom types
----------------
Stefan Schulte's avatar
Stefan Schulte committed
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

### rpmkey

A package maintainer can sign his RPM packages with a gpg key. The signed RPM package can later be
verified by the rpm utility if the corresponding public key of the package maintainer is present.
RPM has its own keyring and commands to import and remove keys.

A key can be imported with `rpm --import` and will then present itself as an installed package of the form
`gpgkey-#{keyid}-#{signature_date}`. A key can be removed by removing the package with `rpm -e`.

The new puppet `rpmkey` type treats a single key as resource so you can e.g. specify

    rpmkey { '0608B895':
      ensure => present,
      source => 'https://fedoraproject.org/static/0608B895.txt',
    }

or - if you want to make sure a key is deleted - specify

    rpmkey { '0608B895':
      ensure => absent,
    }

The `name` of the `rpmkey` resource has to be the keyID of the gpg key.
42
43
44
45
46
47
48
The keyID can be found via gpg by passing it the path to an existing key.
For example, to find the keyID used by EPEL 7:

    $ gpg ./RPM-GPG-KEY-EPEL-7
    pub  4096R/352C64E5 2013-12-16 Fedora EPEL (7) <epel@fedoraproject.org>

The string after the / is what `rpmkey` expects (`352C64E5`).
Stefan Schulte's avatar
Stefan Schulte committed
49
50
51
52
53
54

Running the tests
-----------------

This project requires the `puppetlabs_spec_helper` gem (available on rubygems.org)
to run the spec tests. You can run them by executing `rake spec`.
55
56
57
58
59
60
61

Contribution
------------

Thanks to the following contributer, who made this module more usable:

* Gene Liverman