Diffstat (limited to 'test/integration/targets/dnf/tasks/gpg.yml')
-rw-r--r-- | test/integration/targets/dnf/tasks/gpg.yml | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/test/integration/targets/dnf/tasks/gpg.yml b/test/integration/targets/dnf/tasks/gpg.yml
new file mode 100644
index 0000000..72bdee0
--- /dev/null
+++ b/test/integration/targets/dnf/tasks/gpg.yml
@@ -0,0 +1,88 @@
+# Set up a repo of unsigned rpms
+- block:
+ - set_fact:
+ pkg_name: langtable
+ pkg_repo_dir: "{{ remote_tmp_dir }}/unsigned"
+
+ - name: Ensure our test package isn't already installed
+ dnf:
+ name:
+ - '{{ pkg_name }}'
+ state: absent
+
+ - name: Install rpm-sign and attr
+ dnf:
+ name:
+ - rpm-sign
+ - attr
+ state: present
+
+ - name: Create directory to use as local repo
+ file:
+ path: "{{ pkg_repo_dir }}"
+ state: directory
+
+ - name: Download the test package
+ dnf:
+ name: '{{ pkg_name }}'
+ state: latest
+ download_only: true
+ download_dir: "{{ pkg_repo_dir }}"
+
+ - name: Unsign the RPM
+ shell: rpmsign --delsign {{ remote_tmp_dir }}/unsigned/{{ pkg_name }}*
+
+ # In RHEL 8.5 dnf uses libdnf to do checksum verification, which caches the checksum on an xattr of the file
+ # itself, so we need to clear that cache
+ - name: Clear libdnf checksum cache
+ shell: setfattr -x user.Librepo.checksum.sha256 {{ remote_tmp_dir }}/unsigned/{{ pkg_name }}*
+ when: ansible_distribution in ['RedHat', 'CentOS'] and
+ ansible_distribution_version is version('8.5', '>=') and
+ ansible_distribution_version is version('9', '<')
+
+ - name: createrepo
+ command: createrepo .
+ args:
+ chdir: "{{ pkg_repo_dir }}"
+
+ - name: Add the repo
+ yum_repository:
+ name: unsigned
+ description: unsigned rpms
+ baseurl: "file://{{ pkg_repo_dir }}"
+ # we want to ensure that signing is verified
+ gpgcheck: true
+
+ - name: Install test package
+ dnf:
+ name:
+ - "{{ pkg_name }}"
+ disablerepo: '*'
+ enablerepo: unsigned
+ register: res
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - res is failed
+ - "'Failed to validate GPG signature' in res.msg"
+ - "'is not signed' in res.msg"
+
+ always:
+ - name: Remove rpm-sign and attr (and test package if it got installed)
+ dnf:
+ name:
+ - rpm-sign
+ - attr
+ - "{{ pkg_name }}"
+ state: absent
+
+ - name: Remove test repo
+ yum_repository:
+ name: unsigned
+ state: absent
+
+ - name: Remove repo dir
+ file:
+ path: "{{ pkg_repo_dir }}"
+ state: absent |
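Review bot: The assert after `Install test package` checks only `res is failed` and the message text, so a regression in which dnf reports the signature error but still leaves `{{ pkg_name }}` installed would pass; the `always` cleanup comment itself allows for that case. Add a task after the assert that queries the rpm database and fails if the package is present, as in the fence below. Separately, the `Unsign the RPM` and `Clear libdnf checksum cache` tasks spell out `{{ remote_tmp_dir }}/unsigned` instead of reusing `{{ pkg_repo_dir }}`, and `ignore_errors: yes` would read better as `ignore_errors: true`.

```yaml
  # … unchanged: assert on res is failed and res.msg …

  - name: Confirm the unsigned package was not installed
    command: rpm -q {{ pkg_name }}
    register: rpm_query
    failed_when: rpm_query.rc == 0
    changed_when: false
```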