Commit dc0f66b3 authored by intrigeri's avatar intrigeri
Browse files

tails::reprepro: automatically refresh OpenPGP keys in the GnuPG public keyring.

Note: given the dependencies on parcimonie (that's not exactly
lightweight yet) and systemd (that's not very widespread on Debian
servers yet), it doesn't feel worth pushing this to the upstream
reprepro module yet.
parent f1afcb16
......@@ -14,6 +14,12 @@ class tails::reprepro (
$git_remote = 'https://git-tails.immerda.ch/tails'
) {
### Sanity checks
if $::lsbdistcodename != 'jessie' {
fail('The tails::tester module only supports Debian Jessie.')
}
### Class variables
$git_repo = "${basedir}/tails.git"
......@@ -130,4 +136,38 @@ class tails::reprepro (
managed => $nginx_managed;
}
# Refresh OpenPGP keys
package { ['dbus-x11', 'parcimonie']:
ensure => present,
install_options => [ '--no-install-recommends' ],
}
file { '/etc/systemd/system/parcimonie-reprepro.service':
ensure => present,
owner => root,
group => root,
mode => '0644',
require => Package['dbus-x11', 'parcimonie'],
content => "[Unit]
Description=Refresh reprepro's GnuPG keyring
[Service]
Type=simple
ExecStart=/usr/bin/dbus-launch /usr/bin/parcimonie --verbose
User=reprepro
[Install]
WantedBy=multi-user.target
",
}
service { 'parcimonie-reprepro.service':
ensure => running,
enable => true,
provider => systemd,
require => File['/etc/systemd/system/parcimonie-reprepro.service'],
subscribe => File['/etc/systemd/system/parcimonie-reprepro.service'],
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment