buildds: force SHA512 signatures
authorAurelien Jarno <aurelien@aurel32.net>
Sat, 16 Jan 2016 17:25:48 +0000 (18:25 +0100)
committerAurelien Jarno <aurelien@aurel32.net>
Sat, 16 Jan 2016 17:25:48 +0000 (18:25 +0100)
Provide a ~/.gnupg/gpg.conf on the buildds to force SHA512 signatures.
Otherwise gpg still uses SHA1 by default...

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
modules/buildd/manifests/init.pp

index b58bd01..7b22eae 100644 (file)
@@ -179,6 +179,17 @@ class buildd ($ensure=present) {
                group   => buildd,
                owner   => buildd,
        }
+       file { '/home/buildd/.gnupg':
+               ensure  => directory,
+               mode    => '700',
+               group   => buildd,
+               owner   => buildd,
+       }
+       file { '/home/buildd/.gnupg/gpg.conf':
+               content  => "personal-digest-preferences SHA512\n",
+               group   => buildd,
+               owner   => buildd,
+       }
 
        if ! $::buildd_key {
                exec { 'create-buildd-key':
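Review bot: The new `/home/buildd/.gnupg/gpg.conf` resource sets only `personal-digest-preferences`, which governs data signatures; the digest for key certifications, including the self-signature on a newly generated key, is controlled by `cert-digest-algo`, so a key produced by the `create-buildd-key` exec that follows may still carry a SHA1 self-signature depending on the gpg version's default. Consider `content => "personal-digest-preferences SHA512\ncert-digest-algo SHA512\n",`. The exec's body lies outside the hunk, so whether it is ordered after this file is not visible; if it is not, adding `require => File['/home/buildd/.gnupg/gpg.conf'],` to it would make sure key generation reads the config. The file resource also leaves `mode` unset, unlike the directory above it; an explicit `mode => '0600',` would stop the permissions depending on Puppet's default.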