From 03cbffa15f74f0aae25c7bc9b3e69b20b54926a0 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat, 16 Jan 2016 18:25:48 +0100
Subject: [PATCH] buildds: force SHA512 signatures

Provide a ~/.gnupg/gpg.conf on the buildds to force SHA512 signatures.
Otherwise gpg still uses to SHA1 by default...

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
---
 modules/buildd/manifests/init.pp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp
index b58bd01d1..7b22eae1e 100644
--- a/modules/buildd/manifests/init.pp
+++ b/modules/buildd/manifests/init.pp
@@ -179,6 +179,17 @@ class buildd ($ensure=present) {
 		group   => buildd,
 		owner   => buildd,
 	}
+	file { '/home/buildd/.gnupg':
+		ensure  => directory,
+		mode    => '700',
+		group   => buildd,
+		owner   => buildd,
+	}
+	file { '/home/buildd/.gnupg/gpg.conf':
+		content  => "personal-digest-preferences SHA512\n",
+		group   => buildd,
+		owner   => buildd,
+	}
 
 	if ! $::buildd_key {
 		exec { 'create-buildd-key':
-- 
2.20.1