forked from CERIT-SC/puppet-yum
gpgkey.pp
# Define: yum::gpgkey
#
# This definition saves a public GPG key to a file and imports it into
# RPM. The key can be served from Puppet's fileserver or given as inline
# content. The key can also be removed from the system.
#
# Parameters:
# [*path*] - alternative file location (defaults to name)
# [*ensure*] - specifies if key should be present or absent
# [*content*] - inline content of the key file
# [*source*] - source of the key file (e.g.: puppet:///)
# [*owner*] - file owner
# [*group*] - file group
# [*mode*] - file mode
#
# Actions:
#
# Requires:
# RPM based system
#
# Sample usage:
# yum::gpgkey { '/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-smoketest1':
# ensure => 'present',
# content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
# ...
# -----END PGP PUBLIC KEY BLOCK-----';
# }
#
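define yum::gpgkey (
  String                    $path    = $name,
  Enum['present', 'absent'] $ensure  = 'present',
  Optional[String]          $content = undef,
  Optional[String]          $source  = undef,
  String                    $owner   = 'root',
  String                    $group   = 'root',
  String                    $mode    = '0644'
) {
  # $path is interpolated into the command strings of the exec resources
  # below. It is wrapped in single quotes there so that whitespace and shell
  # metacharacters in the path are passed through as data. A single quote
  # inside the path would end that quoting, so such a path is rejected.
  if $path =~ /'/ {
    fail("yum::gpgkey: path must not contain a single quote: ${path}")
  }

  # Exactly one of $content / $source has to be set. This is enforced for
  # ensure => 'absent' as well, because the check does not look at $ensure.
  $_creators = [$content, $source]
  $_used_creators = $_creators.filter |$value| { !empty($value) }
  case size($_used_creators) {
    1: {
      # Hand the chosen creator to the file resource declared below.
      File[$path] {
        content => $content,
        source  => $source,
      }
    }
    0: { fail('Missing params: $content or $source must be specified') }
    default: { fail('You cannot specify more than one of content, source') }
  }

  # The key file itself. Whatever ends up in this file is imported into the
  # RPM keyring as-is: nothing here compares it with an expected fingerprint,
  # so the integrity of $content / $source decides which signer RPM trusts.
  file { $path:
    ensure => $ensure,
    owner  => $owner,
    group  => $group,
    mode   => $mode,
  }

  # Shell command substitution that derives the gpg-pubkey-<id> package name
  # from the key file when the exec checks run. It keeps characters 9-16 of
  # field 5 of the first line gpg prints, lower-cased.
  # NOTE(review): presumably that is the 8-character short key ID; the
  # unless/onlyif checks below match on it alone, not on a full fingerprint,
  # so two keys sharing that ID are not told apart - confirm this is acceptable.
  $rpmname = "gpg-pubkey-$(gpg --with-colons '${path}' | \
    head -n 1 | \
    cut -d: -f5 | \
    cut -c9-16 | \
    tr '[A-Z]' '[a-z]')"

  case $ensure {
    'present', default: {
      # Import only when rpm does not already report a package of that name;
      # the key file must be in place first.
      exec { "rpm-import-${name}":
        path    => '/bin:/usr/bin:/sbin/:/usr/sbin',
        command => "rpm --import '${path}'",
        unless  => "rpm -q ${rpmname}",
        require => File[$path],
      }
    }
    'absent': {
      # Erase the key from rpm before the file is removed: the package name
      # is computed from the file, so the file still has to exist here.
      exec { "rpm-delete-${name}":
        path    => '/bin:/usr/bin:/sbin/:/usr/sbin',
        command => "rpm -e ${rpmname}",
        onlyif  => ["test -f '${path}'", "rpm -q ${rpmname}"],
        before  => File[$path],
      }
    }
  }
}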