authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 16:04:21 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 16:04:21 +0000
commit8a754e0858d922e955e71b253c139e071ecec432 (patch)
tree527d16e74bfd1840c85efd675fdecad056c54107 /test/integration/targets/dnf/tasks/gpg.yml
parentInitial commit. (diff)
Adding upstream version 2.14.3.upstream/2.14.3upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/integration/targets/dnf/tasks/gpg.yml')
-rw-r--r--test/integration/targets/dnf/tasks/gpg.yml88
1 files changed, 88 insertions, 0 deletions
diff --git a/test/integration/targets/dnf/tasks/gpg.yml b/test/integration/targets/dnf/tasks/gpg.yml
new file mode 100644
index 0000000..72bdee0
--- /dev/null
+++ b/test/integration/targets/dnf/tasks/gpg.yml
@@ -0,0 +1,88 @@
+# Set up a repo of unsigned rpms
+- block:
+ - set_fact:
+ pkg_name: langtable
+ pkg_repo_dir: "{{ remote_tmp_dir }}/unsigned"
+
+ - name: Ensure our test package isn't already installed
+ dnf:
+ name:
+ - '{{ pkg_name }}'
+ state: absent
+
+ - name: Install rpm-sign and attr
+ dnf:
+ name:
+ - rpm-sign
+ - attr
+ state: present
+
+ - name: Create directory to use as local repo
+ file:
+ path: "{{ pkg_repo_dir }}"
+ state: directory
+
+ - name: Download the test package
+ dnf:
+ name: '{{ pkg_name }}'
+ state: latest
+ download_only: true
+ download_dir: "{{ pkg_repo_dir }}"
+
+ - name: Unsign the RPM
+ shell: rpmsign --delsign {{ remote_tmp_dir }}/unsigned/{{ pkg_name }}*
+
+ # In RHEL 8.5 dnf uses libdnf to do checksum verification, which caches the checksum on an xattr of the file
+ # itself, so we need to clear that cache
+ - name: Clear libdnf checksum cache
+ shell: setfattr -x user.Librepo.checksum.sha256 {{ remote_tmp_dir }}/unsigned/{{ pkg_name }}*
+ when: ansible_distribution in ['RedHat', 'CentOS'] and
+ ansible_distribution_version is version('8.5', '>=') and
+ ansible_distribution_version is version('9', '<')
+
+ - name: createrepo
+ command: createrepo .
+ args:
+ chdir: "{{ pkg_repo_dir }}"
+
+ - name: Add the repo
+ yum_repository:
+ name: unsigned
+ description: unsigned rpms
+ baseurl: "file://{{ pkg_repo_dir }}"
+ # we want to ensure that signing is verified
+ gpgcheck: true
+
+ - name: Install test package
+ dnf:
+ name:
+ - "{{ pkg_name }}"
+ disablerepo: '*'
+ enablerepo: unsigned
+ register: res
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - res is failed
+ - "'Failed to validate GPG signature' in res.msg"
+ - "'is not signed' in res.msg"
+
+ always:
+ - name: Remove rpm-sign and attr (and test package if it got installed)
+ dnf:
+ name:
+ - rpm-sign
+ - attr
+ - "{{ pkg_name }}"
+ state: absent
+
+ - name: Remove test repo
+ yum_repository:
+ name: unsigned
+ state: absent
+
+ - name: Remove repo dir
+ file:
+ path: "{{ pkg_repo_dir }}"
+ state: absent
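Review bot: The two `shell` tasks ("Unsign the RPM" and "Clear libdnf checksum cache") interpolate `remote_tmp_dir` and `pkg_name` into the command line unquoted and re-spell the `/unsigned` path instead of reusing `pkg_repo_dir`, so a temp path containing whitespace or shell metacharacters would change what the shell runs, and the two spellings of the directory can drift apart. Keeping the glob outside the quoting, I would write `shell: rpmsign --delsign {{ pkg_repo_dir | quote }}/{{ pkg_name | quote }}*` and `shell: setfattr -x user.Librepo.checksum.sha256 {{ pkg_repo_dir | quote }}/{{ pkg_name | quote }}*`. Separately, `ignore_errors: yes` on the install task should be `ignore_errors: true`, matching the `true` already used for `gpgcheck` and `download_only` in this file. Since the test's value as a signature-verification regression check rests on the three assertions, a comment above the `assert` would help the next reader: `# gpgcheck must reject the unsigned rpm, not merely fail for another reason`.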