2017-06-29 10:46:42 +02:00
|
|
|
---
|
|
|
|
- name: download EPEL GPG key
|
|
|
|
get_url:
|
|
|
|
url: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
|
|
|
|
dest: /tmp/RPM-GPG-KEY-EPEL-7
|
|
|
|
|
|
|
|
- name: download sl rpm
|
|
|
|
get_url:
|
|
|
|
url: https://download.fedoraproject.org/pub/epel/7/x86_64/s/sl-5.02-1.el7.x86_64.rpm
|
|
|
|
dest: /tmp/sl.rpm
|
|
|
|
|
2017-08-08 20:56:03 +02:00
|
|
|
- name: download Mono key
|
|
|
|
get_url:
|
|
|
|
url: http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
|
|
|
|
dest: /tmp/mono.gpg
|
|
|
|
|
2017-06-29 10:46:42 +02:00
|
|
|
- name: remove EPEL GPG key from keyring
|
|
|
|
rpm_key:
|
|
|
|
state: absent
|
|
|
|
key: /tmp/RPM-GPG-KEY-EPEL-7
|
|
|
|
|
|
|
|
- name: check GPG signature of sl. Should fail
|
|
|
|
shell: "rpm --checksig /tmp/sl.rpm"
|
|
|
|
register: sl_check
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: confirm that signature check failed
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- "'MISSING KEYS' in sl_check.stdout"
|
|
|
|
- "sl_check.failed"
|
|
|
|
|
2017-08-08 20:56:03 +02:00
|
|
|
- name: remove EPEL GPG key from keyring (idempotent)
|
2017-06-29 10:46:42 +02:00
|
|
|
rpm_key:
|
|
|
|
state: absent
|
|
|
|
key: /tmp/RPM-GPG-KEY-EPEL-7
|
2017-08-08 20:56:03 +02:00
|
|
|
register: idempotent_test
|
2017-06-29 10:46:42 +02:00
|
|
|
|
2017-08-08 20:56:03 +02:00
|
|
|
- name: check idempontence
|
2017-06-29 10:46:42 +02:00
|
|
|
assert:
|
2017-08-08 20:56:03 +02:00
|
|
|
that: "not idempotent_test.changed"
|
2017-06-29 10:46:42 +02:00
|
|
|
|
|
|
|
- name: add EPEL GPG key to key ring
|
|
|
|
rpm_key:
|
|
|
|
state: present
|
|
|
|
key: /tmp/RPM-GPG-KEY-EPEL-7
|
|
|
|
|
2017-08-08 20:56:03 +02:00
|
|
|
- name: add EPEL GPG key to key ring (idempotent)
|
2017-06-29 10:46:42 +02:00
|
|
|
rpm_key:
|
|
|
|
state: present
|
|
|
|
key: /tmp/RPM-GPG-KEY-EPEL-7
|
|
|
|
|
2017-08-08 20:56:03 +02:00
|
|
|
- name: add Mono gpg key
|
|
|
|
rpm_key:
|
|
|
|
state: present
|
|
|
|
key: /tmp/mono.gpg
|
|
|
|
|
|
|
|
- name: add Mono gpg key
|
|
|
|
rpm_key:
|
|
|
|
state: present
|
|
|
|
key: /tmp/mono.gpg
|
|
|
|
register: mono_indempotence
|
|
|
|
|
|
|
|
- name: verify idempotence
|
|
|
|
assert:
|
|
|
|
that: "not mono_indempotence.changed"
|
|
|
|
|
2017-06-29 10:46:42 +02:00
|
|
|
- name: check GPG signature of sl. Should return okay
|
|
|
|
shell: "rpm --checksig /tmp/sl.rpm"
|
|
|
|
register: sl_check
|
|
|
|
|
|
|
|
- name: confirm that signature check succeeded
|
|
|
|
assert:
|
|
|
|
that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"
|
|
|
|
|
|
|
|
- name: remove GPG key from url
|
|
|
|
rpm_key:
|
|
|
|
state: absent
|
|
|
|
key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
|
|
|
|
|
|
|
|
- name: Confirm key is missing
|
|
|
|
shell: "rpm --checksig /tmp/sl.rpm"
|
|
|
|
register: sl_check
|
|
|
|
ignore_errors: yes
|
|
|
|
|
|
|
|
- name: confirm that signature check failed
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- "'MISSING KEYS' in sl_check.stdout"
|
|
|
|
- "sl_check.failed"
|
|
|
|
|
|
|
|
- name: add GPG key from url
|
|
|
|
rpm_key:
|
|
|
|
state: present
|
|
|
|
key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
|
|
|
|
|
|
|
|
- name: check GPG signature of sl. Should return okay
|
|
|
|
shell: "rpm --checksig /tmp/sl.rpm"
|
|
|
|
register: sl_check
|
|
|
|
|
|
|
|
- name: confirm that signature check succeeded
|
|
|
|
assert:
|
|
|
|
that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"
|
2017-10-10 13:31:20 +02:00
|
|
|
|
|
|
|
- name: remove all keys from key ring
|
|
|
|
shell: "rpm -q gpg-pubkey | xargs rpm -e"
|
|
|
|
|
|
|
|
- name: add very first key on system
|
|
|
|
rpm_key:
|
|
|
|
state: present
|
|
|
|
key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
|