Generate signing key
By default, the generation of the signing key is enabled
poudriere_key: true
By default, the names of the files are poudriere-sk.key and poudriere-sk.crt
poudriere_ssl_dir: /usr/local/etc/ssl
poudriere_ssl_private_dir: /usr/local/etc/ssl/private
poudriere_conf_pkg_repo_signing_key: "{{ poudriere_ssl_private_dir }}/poudriere-sk.key"
poudriere_key_crt: "{{ poudriere_ssl_dir }}/crt/poudriere-sk.crt"
Optionally, change the paths and names of the files, e.g.
poudriere_cert_cn: build.example.com
poudriere_conf_pkg_repo_signing_key: "{{ poudriere_ssl_private_dir }}/{{ poudriere_cert_cn }}-sk.key"
poudriere_key_crt: "{{ poudriere_ssl_dir }}/crt/{{ poudriere_cert_cn }}-sk.crt"
Generate the signing key
shell> ansible-playbook pb.yml -t poudriere_key
Review the created files, ownership, and the permissions
shell> tree /usr/local/etc/ssl/
/usr/local/etc/ssl/
|-- cert.pem
|-- cert.pem.sample -> ../../share/certs/ca-root-nss.crt
|-- certs
|-- crt
|   `-- build.example.com-sk.crt
|-- csr
`-- private
    `-- build.example.com-sk.key
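The tree listing shows file names only, so the ownership and permissions still have to be inspected separately. The script below is an added example, not part of the role or its documentation; the function names are hypothetical, and the policy it enforces (every *.key file in the private directory grants nothing to group or other) is an assumption, not a requirement stated on this page.

```shell
#!/bin/sh
# Added example (not part of the role): audit the signing key permissions.
# Assumed policy: *.key files must grant no access to group or other.

# Print "<mode> <owner>:<group>" for a path; -L follows symlinks.
perm_owner() {
    ls -ldL "$1" | awk '{ print substr($1, 1, 10), $3 ":" $4 }'
}

# Return 0 if the path grants nothing to group or other.
is_private() {
    mode=$(ls -ldL "$1" | cut -c1-10)
    case "$mode" in
        ????------) return 0 ;;   # type + owner bits, then six dashes
        *)          return 1 ;;   # any group/other bit, or setgid/sticky
    esac
}

# Audit every *.key file in a directory.
# Prints one line per object and returns the number of loose key files.
audit_private_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    echo "INFO    $(perm_owner "$dir") $dir"
    for path in "$dir"/*.key; do
        [ -e "$path" ] || continue   # glob matched nothing
        if is_private "$path"; then
            echo "OK      $(perm_owner "$path") $path"
        else
            echo "LOOSE   $(perm_owner "$path") $path"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage: sh audit-key.sh /usr/local/etc/ssl/private
if [ "$#" -gt 0 ]; then
    audit_private_dir "$1"
fi
```

A non-zero exit status is the number of key files that group or other can access; the printed owner and group are reported for manual review.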
See also
Source code key.yml