dev/provisioning/modules/yum/manifests/gpgkey.pp
changeset 28 b0b56e0f8c7f
27:a2342f26c9de 28:b0b56e0f8c7f
       
     1 # Define: yum::gpgkey
       
     2 #
       
     3 # This definition saves and imports public GPG key for RPM. Key can
       
     4 # be stored on Puppet's fileserver or as inline content. Key can be
       
     5 # also removed from system.
       
     6 #
       
     7 # Parameters:
       
     8 #   [*path*]     - alternative file location (defaults to name)
       
     9 #   [*ensure*]   - specifies if key should be present or absent
       
    10 #   [*content*]  - content
       
    11 #   [*source*]   - source (e.g.: puppet:///)
       
    12 #   [*owner*]    - file owner
       
    13 #   [*group*]    - file group
       
    14 #   [*mode*]     - file mode
       
    15 #
       
    16 # Actions:
       
    17 #
       
    18 # Requires:
       
    19 #   RPM based system
       
    20 #
       
    21 # Sample usage:
       
    22 #   yum::gpgkey { '/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-smoketest1':
       
    23 #     ensure  => present,
       
    24 #     content => '-----BEGIN PGP PUBLIC KEY BLOCK-----
       
    25 #   ...
       
    26 #   -----END PGP PUBLIC KEY BLOCK-----';
       
    27 #   }
       
    28 #
       
    29 define yum::gpgkey (
       
    30   $path    = $name,
       
    31   $ensure  = present,
       
    32   $content = '',
       
    33   $source  = '',
       
    34   $owner   = 'root',
       
    35   $group   = 'root',
       
    36   $mode    = '0644'
       
    37 ) {
       
    38   validate_absolute_path($path)
       
    39   validate_string($owner, $group, $mode)
       
    40 
       
    41   file { $path:
       
    42     ensure => $ensure,
       
    43     owner  => $owner,
       
    44     group  => $group,
       
    45     mode   => $mode,
       
    46   }
       
    47 
       
    48   if ($content == '') and ($source == '') {
       
    49     fail('Missing params: $content or $source must be specified')
       
    50   } elsif $content {
       
    51     File[$path] {
       
    52       content => $content
       
    53     }
       
    54   } else {
       
    55     File[$path] {
       
    56       source => $source
       
    57     }
       
    58   }
       
    59 
       
    60   $rpmname = "gpg-pubkey-$( \
       
    61 gpg --quiet --with-colon --homedir=/root --throw-keyids <${path} | \
       
    62 cut -d: -f5 | cut -c9- | tr '[A-Z]' '[a-z]' | head -1)"
       
    63 
       
    64   case $ensure {
       
    65     present: {
       
    66       exec { "rpm-import-${name}":
       
    67         path    => '/bin:/usr/bin:/sbin/:/usr/sbin',
       
    68         command => "rpm --import ${path}",
       
    69         unless  => "rpm -q ${rpmname}",
       
    70         require => File[$path],
       
    71       }
       
    72     }
       
    73 
       
    74     absent: {
       
    75       exec { "rpm-delete-${name}":
       
    76         path    => '/bin:/usr/bin:/sbin/:/usr/sbin',
       
    77         command => "rpm -e ${rpmname}",
       
    78         onlyif  => ["test -f ${path}", "rpm -q ${rpmname}"],
       
    79         before  => File[$path],
       
    80       }
       
    81     }
       
    82 
       
    83     default: {
       
    84       fail("Invalid ensure state: ${ensure}")
       
    85     }
       
    86   }
       
    87 }
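Review bot: `$path` is interpolated unquoted into three command strings that run as root (the `gpg ... <${path}` substitution behind `$rpmname`, `rpm --import ${path}` and `test -f ${path}`), and `validate_absolute_path` only checks that the value is absolute, so a path containing spaces or shell metacharacters changes what those commands do. If the title or `path` can come from Hiera or other data rather than a literal in the manifest, I would constrain it next to the existing validation, e.g. `validate_re($path, '^/[A-Za-z0-9._/-]+$')`. Because whatever sits at that path ends up in the RPM trust store, the header comment should also say that `owner`, `group` and `mode` must keep the file writable by root only. Two smaller points: the `$content`/`$source` check also fails for `ensure => absent`, where neither is needed, and `head -1` means only the first key of a multi-key file is tested by `unless` and removed by `rpm -e`, while `rpm --import` imports all of them.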