path: root/test/integration/targets/rpm_key/tasks/rpm_key.yaml
blob: 034cc55e66b38ad76511cda556690e0118ee59de (plain)
---
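# Fetch the fixtures used by the rpm_key checks below: the EPEL 7 signing key,
# an EPEL-signed package (sl) to verify against it, and the Mono signing key.
#
# NOTE(review): the files are written under fixed names in /tmp. On a shared
# host another local user could pre-create those paths; this is acceptable
# only if the test hosts are disposable and single-user -- confirm.

# Once imported, this file is a trust anchor for package verification. It is
# fetched over HTTPS but not compared against a known checksum or fingerprint.
- name: download EPEL GPG key
  get_url:
    url: 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7'
    dest: /tmp/RPM-GPG-KEY-EPEL-7

# No checksum is pinned for the package; its signature is what the later
# `rpm --checksig` tasks verify.
- name: download sl rpm
  get_url:
    url: 'https://download.fedoraproject.org/pub/epel/7/x86_64/Packages/s/sl-5.02-1.el7.x86_64.rpm'
    dest: /tmp/sl.rpm

# The key is added to the RPM keyring further down, so it must not travel over
# cleartext HTTP where it could be replaced in transit; use HTTPS like the
# EPEL downloads above. The URL is quoted because it contains `?` and `&`.
# NOTE(review): the search term is a 40-hex-digit identifier, presumably the
# key's full fingerprint; the downloaded key is not checked against it here.
- name: download Mono key
  get_url:
    url: 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF'
    dest: /tmp/mono.gpg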

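# Start without the EPEL key in the keyring, so verifying the EPEL-signed
# package is expected to fail.
- name: remove EPEL GPG key from keyring
  rpm_key:
    state: absent
    key: /tmp/RPM-GPG-KEY-EPEL-7

# `command` instead of `shell`: the invocation uses no shell features, so no
# shell needs to interpret the line. The non-zero exit is expected, hence
# ignore_errors; the result is asserted in the next task.
- name: check GPG signature of sl. Should fail
  command: rpm --checksig /tmp/sl.rpm
  register: sl_check
  ignore_errors: true

# Both conditions must hold: rpm reports the key as missing AND the task is
# marked failed.
- name: confirm that signature check failed
  assert:
    that:
      - "'MISSING KEYS' in sl_check.stdout"
      - "sl_check.failed"

# Removing a key that is already absent must report no change.
- name: remove EPEL GPG key from keyring (idempotent)
  rpm_key:
    state: absent
    key: /tmp/RPM-GPG-KEY-EPEL-7
  register: idempotent_test

- name: check idempontence
  assert:
    that: "not idempotent_test.changed"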

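# Import the EPEL key from the local file downloaded earlier.
- name: add EPEL GPG key to key ring
  rpm_key:
    state: present
    key: /tmp/RPM-GPG-KEY-EPEL-7

# Importing a key that is already present must report no change. The result is
# registered and asserted so this task actually verifies what its name claims.
- name: add EPEL GPG key to key ring (idempotent)
  rpm_key:
    state: present
    key: /tmp/RPM-GPG-KEY-EPEL-7
  register: epel_idempotence

- name: verify EPEL key idempotence
  assert:
    that: "not epel_idempotence.changed"

# Same pair of checks for the Mono key, using the key file downloaded from
# the keyserver.
# NOTE(review): nothing here pins which key is accepted. Where the rpm_key
# module in this tree offers a `fingerprint` option, the identifier from the
# download URL could be pinned -- confirm availability before adding it.
- name: add Mono gpg key
  rpm_key:
    state: present
    key: /tmp/mono.gpg

# The second import is named distinctly so a failure can be attributed to the
# right task in the test output.
- name: add Mono gpg key (idempotent)
  rpm_key:
    state: present
    key: /tmp/mono.gpg
  register: mono_indempotence

- name: verify idempotence
  assert:
    that: "not mono_indempotence.changed"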

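# With the EPEL key imported, signature verification of the package must pass.
# `command` instead of `shell`: no shell features are used.
- name: check GPG signature of sl. Should return okay
  command: rpm --checksig /tmp/sl.rpm
  register: sl_check

# The expected text is matched literally against rpm's stdout.
# NOTE(review): the exact wording presumably depends on the rpm version on the
# test hosts -- confirm before running on other platforms.
- name: confirm that signature check succeeded
  assert:
    that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"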

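# Same removal as before, but the key is identified by URL instead of by a
# local file path.
- name: remove GPG key from url
  rpm_key:
    state: absent
    key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

# `command` instead of `shell`: no shell features are used. The non-zero exit
# is expected, hence ignore_errors; the result is asserted in the next task.
- name: Confirm key is missing
  command: rpm --checksig /tmp/sl.rpm
  register: sl_check
  ignore_errors: true

# Both conditions must hold: rpm reports the key as missing AND the task is
# marked failed.
- name: confirm that signature check failed
  assert:
    that:
      - "'MISSING KEYS' in sl_check.stdout"
      - "sl_check.failed"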

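# rpm_key is given the URL directly, so the module fetches the key itself.
# The URL is HTTPS, but nothing in this task pins which key is accepted.
# NOTE(review): where the rpm_key module in this tree offers a `fingerprint`
# option, pinning it would reject an unexpected key -- confirm availability
# before adding it.
- name: add GPG key from url
  rpm_key:
    state: present
    key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

# `command` instead of `shell`: no shell features are used.
- name: check GPG signature of sl. Should return okay
  command: rpm --checksig /tmp/sl.rpm
  register: sl_check

# The expected text is matched literally against rpm's stdout.
# NOTE(review): the exact wording presumably depends on the rpm version on the
# test hosts -- confirm before running on other platforms.
- name: confirm that signature check succeeded
  assert:
    that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"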