Merge pull request #16 from horakmar/master
Add a GPG configuration to avoid generating weak hashes.
diff --git a/aptly/files/gpg.conf b/aptly/files/gpg.conf
new file mode 100644
index 0000000..8ca3ebb
--- /dev/null
+++ b/aptly/files/gpg.conf
@@ -0,0 +1,2 @@
+cert-digest-algo SHA256
+digest-algo SHA256
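Review bot: The new `gpg.conf` carries no comment saying why the digest is pinned, so a later editor has only the commit message to go on; a header such as `# Managed by Salt: use SHA-256 for signatures and key certifications instead of a weaker default digest` would record the intent in the file itself. Separately, the GnuPG manual discourages `digest-algo` as a persistent setting because it overrides algorithm negotiation, and names `personal-digest-preferences` as the safe way to get the same result. For a signing-only repository key, `personal-digest-preferences SHA256` alongside `cert-digest-algo SHA256` should give the same outcome, though that is worth confirming against the GnuPG version deployed on the aptly host.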
diff --git a/aptly/server/init.sls b/aptly/server/init.sls
index 2e865b4..5083035 100644
--- a/aptly/server/init.sls
+++ b/aptly/server/init.sls
@@ -1,6 +1,7 @@
{%- from "aptly/map.jinja" import server with context %}
{%- if server.enabled %}
+{% set gpgconffile = '{}/.gnupg/gpg.conf'.format(server.home_dir) %}
{% set gpgprivfile = '{}/.gnupg/secret.gpg'.format(server.home_dir) %}
{% set gpgpubfile = '{}/public/public.gpg'.format(server.root_dir) %}
@@ -138,6 +139,16 @@
- require:
- file: aptly_home_dir
+gpg_conf_file:
+ file.managed:
+ - name: {{ gpgconffile }}
+ - source: salt://aptly/files/gpg.conf
+ - user: {{ server.user.name }}
+ - group: {{ server.user.group }}
+ - mode: 644
+ - makedirs: true
+ - require:
+ - file: aptly_gpg_key_dir
gpg_priv_key:
file.managed:
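Review bot: `makedirs: true` in `gpg_conf_file` lets Salt create the `.gnupg` directory with default directory permissions if it is missing, while GnuPG expects its home directory to be accessible only by the owner. The state already requires `aptly_gpg_key_dir`, which presumably manages that directory (it is defined outside this hunk), so either drop `makedirs` or pin the fallback with `- dir_mode: '0700'`. The file mode is also safer written as a quoted string, `- mode: '0644'`, so the YAML loader cannot retype it. The `gpg_priv_key` state that follows continues past the end of the hunk, so whether the signing and publishing states depend on `gpg_conf_file` cannot be checked from here.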