diff --git a/test/integration/targets/rpm_key/aliases b/test/integration/targets/rpm_key/aliases
new file mode 100644
index 0000000000..8e7d715f9c
--- /dev/null
+++ b/test/integration/targets/rpm_key/aliases
@@ -0,0 +1,2 @@
+destructive
+posix/ci/group1
diff --git a/test/integration/targets/rpm_key/defaults/main.yaml b/test/integration/targets/rpm_key/defaults/main.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/test/integration/targets/rpm_key/tasks/main.yaml b/test/integration/targets/rpm_key/tasks/main.yaml
new file mode 100644
index 0000000000..9f6fd4ec60
--- /dev/null
+++ b/test/integration/targets/rpm_key/tasks/main.yaml
@@ -0,0 +1,2 @@
+ - include: 'rpm_key.yaml'
+ when: ansible_os_family == "RedHat"
diff --git a/test/integration/targets/rpm_key/tasks/rpm_key.yaml b/test/integration/targets/rpm_key/tasks/rpm_key.yaml
new file mode 100644
index 0000000000..a8bb75b0cb
--- /dev/null
+++ b/test/integration/targets/rpm_key/tasks/rpm_key.yaml
@@ -0,0 +1,83 @@
+---
+- name: download EPEL GPG key
+ get_url:
+ url: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
+ dest: /tmp/RPM-GPG-KEY-EPEL-7
+
+- name: download sl rpm
+ get_url:
+ url: https://download.fedoraproject.org/pub/epel/7/x86_64/s/sl-5.02-1.el7.x86_64.rpm
+ dest: /tmp/sl.rpm
+
+- name: remove EPEL GPG key from keyring
+ rpm_key:
+ state: absent
+ key: /tmp/RPM-GPG-KEY-EPEL-7
+
+- name: check GPG signature of sl. Should fail
+ shell: "rpm --checksig /tmp/sl.rpm"
+ register: sl_check
+ ignore_errors: yes
+
+- name: confirm that signature check failed
+ assert:
+ that:
+ - "'MISSING KEYS' in sl_check.stdout"
+ - "sl_check.failed"
+
+- name: remove EPEL GPG key from keyring (Idempotant)
+ rpm_key:
+ state: absent
+ key: /tmp/RPM-GPG-KEY-EPEL-7
+ register: idempotant_test
+
+- name: check Idempotant
+ assert:
+ that: "not idempotant_test.changed"
+
+- name: add EPEL GPG key to key ring
+ rpm_key:
+ state: present
+ key: /tmp/RPM-GPG-KEY-EPEL-7
+
+- name: add EPEL GPG key to key ring (Idempotant)
+ rpm_key:
+ state: present
+ key: /tmp/RPM-GPG-KEY-EPEL-7
+
+- name: check GPG signature of sl. Should return okay
+ shell: "rpm --checksig /tmp/sl.rpm"
+ register: sl_check
+
+- name: confirm that signature check succeeded
+ assert:
+ that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"
+
+- name: remove GPG key from url
+ rpm_key:
+ state: absent
+ key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
+
+- name: Confirm key is missing
+ shell: "rpm --checksig /tmp/sl.rpm"
+ register: sl_check
+ ignore_errors: yes
+
+- name: confirm that signature check failed
+ assert:
+ that:
+ - "'MISSING KEYS' in sl_check.stdout"
+ - "sl_check.failed"
+
+- name: add GPG key from url
+ rpm_key:
+ state: present
+ key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
+
+- name: check GPG signature of sl. Should return okay
+ shell: "rpm --checksig /tmp/sl.rpm"
+ register: sl_check
+
+- name: confirm that signature check succeeded
+ assert:
+ that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"
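Review bot: The `add EPEL GPG key to key ring (Idempotant)` task never registers its result and no assert follows it, so idempotency of `state: present` is not actually tested; the `absent` case does this with `register: idempotant_test` and `that: "not idempotant_test.changed"`, and the `present` case needs the same pair. Separately, both `get_url` tasks write to fixed names under `/tmp`, and the key is imported into the host's RPM keyring exactly as the download.fedoraproject.org redirector served it. Adding `checksum: sha256:<EXPECTED_SHA256>` to each `get_url` and writing into the test run's own output directory would keep a swapped or pre-planted file out of the trust store. The play also ends with the EPEL key still imported, so a closing `rpm_key` task with `state: absent` would leave the CI host's keyring as it was found.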