From 3a1ab8b24140e56e96f7176b6fb1d82590fddbcc Mon Sep 17 00:00:00 2001
From: "Mike (stew) O'Connor" <stew@vireo.org>
Date: Thu, 17 Feb 2011 21:37:27 -0500
Subject: initial commit

Signed-off-by: Mike (stew) O'Connor <stew@vireo.org>
---
 .gitignore                                |  1 +
 README                                    | 30 ++++++++++++++++++++++
 files/etc/cron.d/update-monkeysphere-auth |  1 +
 lib/facter/monkeysphere.rb                | 42 +++++++++++++++++++++++++++++++
 manifests/debian.pp                       | 16 ++++++++++++
 manifests/init.pp                         | 22 ++++++++++++++++
 manifests/signer.pp                       |  4 +++
 manifests/sshserver.pp                    | 29 +++++++++++++++++++++
 manifests/sshserverdanger.pp              | 11 ++++++++
 templates/host.erb                        |  3 +++
 10 files changed, 159 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README
 create mode 100644 files/etc/cron.d/update-monkeysphere-auth
 create mode 100644 lib/facter/monkeysphere.rb
 create mode 100644 manifests/debian.pp
 create mode 100644 manifests/init.pp
 create mode 100644 manifests/signer.pp
 create mode 100644 manifests/sshserver.pp
 create mode 100644 manifests/sshserverdanger.pp
 create mode 100644 templates/host.erb

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b25c15b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~
diff --git a/README b/README
new file mode 100644
index 0000000..dbd13e3
--- /dev/null
+++ b/README
@@ -0,0 +1,30 @@
+puppet module for monkeysphere
+
+for information about monkeysphere, see http://web.monkeysphere.info/
+
+To install the monkeypshere module:
+
+* storeconfigs must be enabled in your puppet server. see:
+  http://projects.puppetlabs.com/projects/1/wiki/Using_Stored_Configuration#Configuring+basic+storeconfigs
+
+* copy the code to a directory named "monkeysphere" in the modules
+  directory of your puppet install.  This will usually be
+  /etc/puppetd/modules/monkeysphere
+
+* add the following line to modules.pp:
+
+  import "monkeysphere"
+
+* in node definitions that should export a ssh host key via
+  monkeyshere, add:
+
+  include monkeysphere::sshserver
+
+A host can be configured as a host you would use to sign the gpg keys by placing:
+
+  include monkeysphere::signer
+
+into the node definition. ON this host, a file will be placed in
+/var/lib/puppet/monkeysphere/hosts for each host configured as a
+sshserver.  Each file will contin the gpg id, the gpg fingerprint, and
+the ssh fingerprint of the sshserver.
\ No newline at end of file
diff --git a/files/etc/cron.d/update-monkeysphere-auth b/files/etc/cron.d/update-monkeysphere-auth
new file mode 100644
index 0000000..06bb5ae
--- /dev/null
+++ b/files/etc/cron.d/update-monkeysphere-auth
@@ -0,0 +1 @@
+*/5 * * * * root /usr/sbin/monkeysphere-authentication update-users
diff --git a/lib/facter/monkeysphere.rb b/lib/facter/monkeysphere.rb
new file mode 100644
index 0000000..e3a0a73
--- /dev/null
+++ b/lib/facter/monkeysphere.rb
@@ -0,0 +1,42 @@
+has_hostkey = false
+pgp_fingerprint = ''
+pgp_id = ''
+ssh_fingerprint = ''
+
+if File.exist?('/usr/sbin/monkeysphere-host')
+
+  sk = %x{/usr/sbin/monkeysphere-host show-keys}
+  if $? == 0
+    has_hostkey = true
+    sk.lines.each do |line|
+      m = line.match('^OpenPGP fingerprint:(.*)$')
+      if m
+        pgp_fingerprint = m[1].strip
+      end
+      m = line.match('^uid (.*)$')
+      if m
+        pgp_id = m[1].strip
+      end
+      m = line.match('^ssh fingerprint:(.*)$')
+      if m
+        ssh_fingerprint = m[1].strip
+      end
+    end
+  end
+end
+
+Facter.add("monkeysphere_has_hostkey") do
+  setcode{ has_hostkey }
+end
+
+Facter.add("monkeysphere_pgp_fp") do
+  setcode{ pgp_fingerprint }
+end
+
+Facter.add("monkeysphere_pgp_id") do
+  setcode{ pgp_id }
+end
+
+Facter.add("monkeysphere_ssh_fp") do
+  setcode{ ssh_fingerprint }
+end
diff --git a/manifests/debian.pp b/manifests/debian.pp
new file mode 100644
index 0000000..4166c79
--- /dev/null
+++ b/manifests/debian.pp
@@ -0,0 +1,16 @@
+class monkeysphere::debian {
+
+case $lsbdistcodename {
+        lenny: {
+          if $monkeysphere_ensure_version == ''
+          {
+            $monkeysphere_ensure_version = '1.4.10-2~bpo50+1'
+          }
+
+          if $gnupg_ensure_version == ''
+          {
+            $gnupg_ensure_version = '0.31-3~bpo50+1'
+          }
+        }
+    }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..943d3eb
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,22 @@
+# monkeysphere module
+class monkeysphere {
+  module_dir { [ "monkeysphere", "monkeysphere/hosts", "monkeysphere/plugins" ]: }
+
+    case $operatingsystem {
+        debian: { include monkeysphere::debian }
+    }
+
+    if $monkeysphere_ensure_version == ''
+    {
+      $monkeysphere_ensure_version = 'installed'
+    }
+
+    if $gnupg_ensure_version == ''
+    {
+      $gnupg_ensure_version = 'installed'
+    }
+
+  package {"gnupg": ensure => $gnupg_ensure_version, }
+  package {"monkeysphere": ensure => $monkeysphere_ensure_version, require => [ Package["gnupg"] ] }
+
+}
diff --git a/manifests/signer.pp b/manifests/signer.pp
new file mode 100644
index 0000000..350b4be
--- /dev/null
+++ b/manifests/signer.pp
@@ -0,0 +1,4 @@
+class monkeysphere::signer inherits monkeysphere
+{
+  File <<| tag == 'monkeysphere-host' |>>
+}
diff --git a/manifests/sshserver.pp b/manifests/sshserver.pp
new file mode 100644
index 0000000..966e136
--- /dev/null
+++ b/manifests/sshserver.pp
@@ -0,0 +1,29 @@
+class monkeysphere::sshserver inherits monkeysphere
+{
+
+  exec {"import.hostkey":
+    command => "/usr/sbin/monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://${fqdn} && echo Y | /usr/sbin/monkeysphere-host publish-key",
+    unless => "/usr/sbin/monkeysphere-host show-key",
+    user => root,
+    require => [ Package[ "monkeysphere" ] ],
+  }
+
+  if $monkeysphere_has_hostkey {
+    @@file { "/var/lib/puppet/modules/monkeysphere/hosts/${fqdn}":
+      ensure => present,
+      content => template("monkeysphere/host.erb" ),
+      require => [ Package[ "monkeysphere" ] ],
+      tag => 'monkeysphere-host',
+    }
+  }
+
+  file { "/etc/cron.d/update-monkeysphere-auth":
+    ensure => present,
+    source => "puppet:///modules/monkeysphere/etc/cron.d/update-monkeysphere-auth",
+    require => [ Package[ "monkeysphere" ] ],
+    mode => 0644,
+    owner => root,
+    group => root,
+  }
+
+}
diff --git a/manifests/sshserverdanger.pp b/manifests/sshserverdanger.pp
new file mode 100644
index 0000000..7d7f12c
--- /dev/null
+++ b/manifests/sshserverdanger.pp
@@ -0,0 +1,11 @@
+class monkeysphere::sshserverdanger  inherits monkeysphere::sshserver 
+{
+  augeas { "sshd_config":
+    context => "/files/etc/ssh/sshd_config",
+    changes => [
+                "set AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u"
+                ],
+    notify => Service[ "ssh" ],
+  }
+
+}
diff --git a/templates/host.erb b/templates/host.erb
new file mode 100644
index 0000000..6412663
--- /dev/null
+++ b/templates/host.erb
@@ -0,0 +1,3 @@
+uid <%= monkeysphere_pgp_id %>
+host_key <%= monkeysphere_ssh_fp %>
+fingerprint <%= monkeysphere_pgp_fp %>
-- 
cgit v1.2.3


From 7358997fd51ffb852476ea9f5b68d91cef84ba9a Mon Sep 17 00:00:00 2001
From: "Mike (stew) O'Connor" <stew@vireo.org>
Date: Thu, 17 Feb 2011 22:17:10 -0500
Subject: easy fix for facter

Signed-off-by: Mike (stew) O'Connor <stew@vireo.org>
---
 lib/facter/monkeysphere.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/facter/monkeysphere.rb b/lib/facter/monkeysphere.rb
index e3a0a73..1d7d68e 100644
--- a/lib/facter/monkeysphere.rb
+++ b/lib/facter/monkeysphere.rb
@@ -1,7 +1,7 @@
 has_hostkey = false
-pgp_fingerprint = ''
-pgp_id = ''
-ssh_fingerprint = ''
+pgp_fingerprint = ' '
+pgp_id = ' '
+ssh_fingerprint = ' '
 
 if File.exist?('/usr/sbin/monkeysphere-host')
 
-- 
cgit v1.2.3


From fd7e629e6a34cee030d1602be2a76c290d18e52b Mon Sep 17 00:00:00 2001
From: "Mike (stew) O'Connor" <stew@vireo.org>
Date: Sun, 20 Feb 2011 14:03:56 -0500
Subject: add identity_certifier type

Signed-off-by: Mike (stew) O'Connor <stew@vireo.org>
---
 .../provider/identify_certifier/monkeysphere.rb    | 57 ++++++++++++++++++++++
 lib/puppet/type/identity_certifier.rb              | 10 ++++
 2 files changed, 67 insertions(+)
 create mode 100644 lib/puppet/provider/identify_certifier/monkeysphere.rb
 create mode 100644 lib/puppet/type/identity_certifier.rb

diff --git a/lib/puppet/provider/identify_certifier/monkeysphere.rb b/lib/puppet/provider/identify_certifier/monkeysphere.rb
new file mode 100644
index 0000000..49ea6e6
--- /dev/null
+++ b/lib/puppet/provider/identify_certifier/monkeysphere.rb
@@ -0,0 +1,57 @@
+##
+
+
+require 'puppet/provider/package'
+require "open3"
+
+Puppet::Type.type(:identity_certifier).provide(:monkeysphere,
+                                               :parent => Puppet::Provider::Package) do
+
+  commands :monkeysphereauth => "/usr/sbin/monkeysphere-authentication"
+
+  desc "asdf"
+  
+  # retrieve the current set of mysql users
+  def self.instances
+    ids = []
+
+    cmd = "#{command(:monkeysphereauth)} list-id-certifiers"
+    execpipe(cmd) do |process|
+      process.each do |line|
+        m = line.match( "^[0-9A-Z]{32}([0-9A-Z]{8}):" )
+        if m
+          ids << new( { :ensure => :present, :pgpid => m.group(1) } )
+        end
+      end
+    end
+    return ids
+  end
+
+  def create
+    Open3.popen3("monkeysphere-authentication add-id-certifier #{resource[:pgpid]}") do |i, o, e|
+      i.puts( "Y" )
+      o.readlines()
+    end
+  end
+  
+  def destroy
+    Open3.popen3("monkeysphere-authentication remove-id-certifier #{resource[:pgpid]}") do |i, o, e|
+      i.puts( "Y" )
+      o.readlines()
+    end
+  end
+  
+  def exists?
+
+    cil = %x{/usr/sbin/monkeysphere-authentication list-id-certifiers}
+    if $? == 0
+      cil.lines.each do |line|
+        m = line.match( '^[0-9A-Z]*' + resource[:pgpid] + ':' )
+        if m
+          return true
+        end
+      end
+    end
+    return false
+  end
+end
diff --git a/lib/puppet/type/identity_certifier.rb b/lib/puppet/type/identity_certifier.rb
new file mode 100644
index 0000000..cc8295f
--- /dev/null
+++ b/lib/puppet/type/identity_certifier.rb
@@ -0,0 +1,10 @@
+Puppet::Type.newtype(:identity_certifier) do
+  @doc = "Manage monkeysphere identity-certifiers"
+  
+  ensurable
+  newparam(:pgpid) do
+    desc "The pgp id of the certifier"
+    isnamevar
+  end
+
+end
-- 
cgit v1.2.3


From c4913fb3e46624494a0935ec133b25db735afc30 Mon Sep 17 00:00:00 2001
From: "Mike (stew) O'Connor" <stew@vireo.org>
Date: Sun, 20 Feb 2011 14:08:46 -0500
Subject: add documentation for identity certifier

Signed-off-by: Mike (stew) O'Connor <stew@vireo.org>
---
 README | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README b/README
index dbd13e3..4fcec87 100644
--- a/README
+++ b/README
@@ -20,6 +20,12 @@ To install the monkeypshere module:
 
   include monkeysphere::sshserver
 
+* You can specify pgpids of identity certifiers:
+
+  identity_certifier { "A3AE44A4":
+    ensure => present
+  }
+
 A host can be configured as a host you would use to sign the gpg keys by placing:
 
   include monkeysphere::signer
-- 
cgit v1.2.3