projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add codesign bits for secure boot
[mirror/dsa-puppet.git] / modules / roles / manifests / signing.pp
diff --git a/modules/roles/manifests/signing.pp b/modules/roles/manifests/signing.pp
new file mode 100644 (file)
index 0000000..a959ae3
--- /dev/null
+++ b/modules/roles/manifests/signing.pp
@@ -0,0 +1,20 @@
+class roles::signing {
+       package { 'expect': ensure => installed, }
+       package { 'pesign': ensure => installed, }
+       package { 'linux-kbuild-4.9': ensure => installed, }
+       package { 'libengine-pkcs11-openssl': ensure => installed, }
+
+       file { '/usr/local/bin/pesign-wrap':
+               owner => 'root',
+               group => 'root',
+               mode => '0555',
+               source => 'puppet:///modules/roles/signing/pesign-wrap',
+       }
+
+       file { '/usr/local/bin/secure-boot-code-sign':
+               owner => 'root',
+               group => 'root',
+               mode => '0555',
+               source => 'puppet:///modules/roles/signing/secure-boot-code-sign.py',
+       }
+}
Unnamed repository; edit this file 'description' to name the repository.