dgolja / golja-gnupg

Puppet module for managing GnuPG package and public keys
Apache License 2.0

Setting Trust Level of Installed Keys #14

Open rbroemeling opened 8 years ago

rbroemeling commented 8 years ago

Hi,

There doesn't appear to be any way to set the trust level of installed keys when using this module to add gnupg keys. This can be necessary if, for example, gpg public keys are being installed which are going to be used to encrypt files (in which case, gpg likes the public keys involved to be trusted).

Could we adapt the module to allow setting of trust levels via a parameter to the gnupg_key type?

Something like:

  gnupg_key { 'mykey - public':
    ensure      => present,
    key_id      => 'a2b4c6f8',
    user        => 'root',
    key_content => "-----BEGIN PGP PUBLIC KEY BLOCK-----
      ...
-----END PGP PUBLIC KEY BLOCK-----",
    key_trust   => 6,
    key_type    => public,
  }

The --import-ownertrust gpg command could be used to this end.

Ref: https://www.gnupg.org/documentation/manuals/gnupg/Operational-GPG-Commands.html#option-_002d_002dexport_002downertrust

dgolja commented 8 years ago

Sure, we can add this parameter. I can have a look in the next week, or if you have time you can create a PR.

rbroemeling commented 8 years ago

@n1tr0g I did some initial work on it and have attached a PR. I have not fully tested it; I just wanted to get some progress and see what you thought of the approach.

There are no tests (should we add some?) and there is no verification that an existing key is set to the right trust level (I'm not sure how to approach that). Trust level is just set on initial key addition.
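
One way to approach the verification gap mentioned above, as an added example that is not part of the thread or of the golja-gnupg module: read the current value back with `gpg --export-ownertrust` and call `--import-ownertrust` only when it differs. The function names are hypothetical, the fingerprints are constructed, and a 40-hex (v4) fingerprint is assumed, since ownertrust records are keyed by the full fingerprint rather than a short key ID like the one in the example resource.

```shell
#!/bin/sh
# Added example (not module code); function names are hypothetical.

# Print the ownertrust value stored for fingerprint $1, reading
# `gpg --export-ownertrust` output ("FINGERPRINT:VALUE:" lines) on stdin.
# Returns 1 when the fingerprint has no record.
ownertrust_of() {
  want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
  while IFS=: read -r rec_fpr rec_value rest; do
    case "$rec_fpr" in '#'*|'') continue ;; esac   # skip comment/blank lines
    if [ "$(printf '%s' "$rec_fpr" | tr 'a-f' 'A-F')" = "$want" ]; then
      printf '%s\n' "$rec_value"
      return 0
    fi
  done
  return 1
}

# Validate fingerprint $1 and trust value $2, then print the line that
# --import-ownertrust expects. Values: 2 undefined, 3 never, 4 marginal,
# 5 full, 6 ultimate.
ownertrust_line() {
  fpr=$(printf '%s' "$1" | tr 'a-f' 'A-F')
  case "$fpr" in *[!0-9A-F]*) echo "fingerprint must be hex" >&2; return 1 ;; esac
  [ "${#fpr}" -eq 40 ] || { echo "need the full 40-hex fingerprint" >&2; return 1; }
  case "$2" in [2-6]) ;; *) echo "trust must be 2..6" >&2; return 1 ;; esac
  printf '%s:%s:\n' "$fpr" "$2"
}

# Converge: import only when the recorded value differs from the wanted one,
# so repeated runs (e.g. from a Puppet exec or provider) change nothing.
ensure_ownertrust() {
  line=$(ownertrust_line "$1" "$2") || return 1
  current=$(gpg --batch --export-ownertrust | ownertrust_of "$1") || current=''
  [ "$current" = "$2" ] && return 0
  printf '%s\n' "$line" | gpg --batch --import-ownertrust
}

# Constructed sample of export output; parsing it needs no keyring.
SAMPLE_EXPORT='# List of assigned trustvalues (constructed sample)
0123456789ABCDEF0123456789ABCDEF01234567:6:
89ABCDEF0123456789ABCDEF0123456789ABCDEF:4:'
printf '%s\n' "$SAMPLE_EXPORT" | ownertrust_of 89abcdef0123456789abcdef0123456789abcdef
```

`ensure_ownertrust` is the only function that touches the keyring; run it as the user who owns the keyring, for example `ensure_ownertrust <full-fingerprint> 6`.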

rbroemeling commented 6 years ago

@dgolja Any update on this?