README.md 2.19 KB
Newer Older
Stefan Schulte's avatar
Stefan Schulte committed
1
2
3
Puppet RPMKEY Module
====================

Stefan Schulte's avatar
Stefan Schulte committed
4
[![Build Status](https://travis-ci.org/stschulte/puppet-rpmkey.png?branch=master)](https://travis-ci.org/stschulte/puppet-rpmkey)
Stefan Schulte's avatar
Stefan Schulte committed
5
[![Coverage Status](https://coveralls.io/repos/stschulte/puppet-rpmkey/badge.svg)](https://coveralls.io/r/stschulte/puppet-rpmkey)
6
[![Puppet Forge](https://img.shields.io/puppetforge/v/stschulte/rpmkey.svg)](https://forge.puppetlabs.com/stschulte/rpmkey)
Stefan Schulte's avatar
Stefan Schulte committed
7

Stefan Schulte's avatar
Stefan Schulte committed
8
9
This repository aims to ease the GPG keymanagement with rpm

Stefan Schulte's avatar
Stefan Schulte committed
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
Background
----------

A package maintainer can sign his RPM packages with a secret gpg key.  This
allows a third party (e.g. you) to verify the package with the corresponding
public key. The `rpm` utility has its own keyring and commands to import and
remove public gpg keys.

A key can be imported with `rpm --import` and will then present itself as an
installed package of the form `gpgkey-#{keyid}-#{signature_date}`. In the same
way the key can be removed from the keyring by removing the corresponding
package with `rpm --erase`

The puppet way
--------------

The new puppet `rpmkey` type treats a single key as a puppet resource so you
can e.g. specify

```puppet
rpmkey { '0608B895':
  ensure => present,
  source => 'https://fedoraproject.org/static/0608B895.txt',
}
```

The above resource will import the key if it is not already present. If
you want to make sure that a key is absent (remove it when it is present)
specify the following instead:

```puppet
rpmkey { '0608B895':
  ensure => absent,
}
```

The `name` of the `rpmkey` resource has to be the keyID of the gpg key.  If
you have the public key available as a file but you are unsure of the correct
keyID, use `gpg` to extract the keyID.  For example, to find the keyID used
by EPEL 7:

```bash
$ gpg ./RPM-GPG-KEY-EPEL-7
pub  4096R/352C64E5 2013-12-16 Fedora EPEL (7) <epel@fedoraproject.org>
```
55
56

The string after the / is what `rpmkey` expects (`352C64E5`).
Stefan Schulte's avatar
Stefan Schulte committed
57
58
59
60

Running the tests
-----------------

Stefan Schulte's avatar
Stefan Schulte committed
61
62
63
64
65
66
The easiest way to run the tests is via bundler

```bash
bundle install
bundle exec rake spec SPEC_OPTS='--format documentation'
```
67
68
69
70

Contribution
------------

71
Thanks to the following contributers, who made this module more usable:
72
73

* Gene Liverman
74
* Michael Moll
75
* duritong