path: root/test/integration/targets/rpm_key/tasks/rpm_key.yaml
blob: a8bb75b0cbb2e8d2b4bebfde04e4071c75ab527f (plain)
---
# Fetch the two fixtures the rest of this file works with: the EPEL 7 signing
# key and one small EPEL package ("sl") whose signature is checked against it.
# NOTE(review): the key downloaded here is the trust anchor for every
# signature check below and is accepted on the strength of HTTPS alone;
# get_url's `checksum` option could pin the expected digest of both files.
# NOTE(review): both files are written to fixed names under /tmp; a per-run
# temporary directory would keep other local users from touching them.
- name: download EPEL GPG key
  get_url:
    dest: '/tmp/RPM-GPG-KEY-EPEL-7'
    url: 'https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7'

- name: download sl rpm
  get_url:
    dest: '/tmp/sl.rpm'
    url: 'https://download.fedoraproject.org/pub/epel/7/x86_64/s/sl-5.02-1.el7.x86_64.rpm'

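# Start from a known state: the EPEL key must not be in the rpm keyring, so
# the signature check that follows has something to fail on.
- name: remove EPEL GPG key from keyring
  rpm_key:
    state: absent
    key: /tmp/RPM-GPG-KEY-EPEL-7

# The command line uses no shell features, so it is run through `command`
# instead of `shell`. rpm is expected to exit non-zero here; the failure is
# tolerated and inspected by the assert below.
- name: check GPG signature of sl. Should fail
  command: rpm --checksig /tmp/sl.rpm
  register: sl_check
  # Verification is read-only; never report it as a change.
  changed_when: false
  ignore_errors: true

# Both conditions are required: the task must have failed AND rpm must have
# named missing keys as the reason, so an unrelated failure does not pass
# for "key was removed".
- name: confirm that signature check failed
  assert:
    that:
      - "'MISSING KEYS' in sl_check.stdout"
      - "sl_check.failed"

# Second removal of a key that is already gone: must be a no-op.
- name: remove EPEL GPG key from keyring (Idempotant)
  rpm_key:
    state: absent
    key: /tmp/RPM-GPG-KEY-EPEL-7
  register: idempotant_test

- name: check Idempotant
  assert:
    that: "not idempotant_test.changed"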

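# Import the key from the local file downloaded earlier in this file.
# NOTE(review): the key is trusted as downloaded; where the installed rpm_key
# supports the `fingerprint` option, pinning the expected fingerprint would
# make the import fail if the file is not the intended key.
- name: add EPEL GPG key to key ring
  rpm_key:
    state: present
    key: /tmp/RPM-GPG-KEY-EPEL-7

# Second import of the same key: must be a no-op. The result is registered and
# asserted below; without that this task would pass regardless of what the
# module reported.
- name: add EPEL GPG key to key ring (Idempotant)
  rpm_key:
    state: present
    key: /tmp/RPM-GPG-KEY-EPEL-7
  register: add_key_idempotent_test

- name: check that adding the key twice is idempotent
  assert:
    that: "not add_key_idempotent_test.changed"

# No ignore_errors here: with the key imported, a non-zero exit from rpm is a
# real test failure. `command` is used because no shell features are needed.
- name: check GPG signature of sl. Should return okay
  command: rpm --checksig /tmp/sl.rpm
  register: sl_check
  # Verification is read-only; never report it as a change.
  changed_when: false

# Matches the exact "OK" line for this package.
# NOTE(review): the wording of a good result may differ between rpm versions,
# and this string reflects SHA-1/MD5 digests; confirm it before reusing the
# test on another platform.
- name: confirm that signature check succeeded
  assert:
    that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"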

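# Same removal as before, but the key is identified by URL: rpm_key has to
# fetch the key itself to know which keyring entry to delete.
- name: remove GPG key from url
  rpm_key:
    state: absent
    key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

# rpm is expected to exit non-zero again now that the key is gone; the failure
# is tolerated and inspected by the assert below. `command` is used because
# the command line needs no shell features.
- name: Confirm key is missing
  command: rpm --checksig /tmp/sl.rpm
  register: sl_check
  # Verification is read-only; never report it as a change.
  changed_when: false
  ignore_errors: true

# Require the failure and the 'MISSING KEYS' reason together, so that an
# unrelated rpm error is not mistaken for a successful key removal.
- name: confirm that signature check failed
  assert:
    that:
      - "'MISSING KEYS' in sl_check.stdout"
      - "sl_check.failed"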

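# Import the key straight from the URL instead of from the local copy.
# NOTE(review): the only check on the fetched key is the HTTPS connection to
# the download host; where the installed rpm_key supports the `fingerprint`
# option, pinning the expected fingerprint would reject an unexpected key.
# NOTE(review): the file ends with the EPEL key left in the host's keyring;
# confirm whether the test host is expected to be restored afterwards.
- name: add GPG key from url
  rpm_key:
    state: present
    key: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

# No ignore_errors here: with the key imported, a non-zero exit from rpm is a
# real test failure. `command` is used because no shell features are needed.
- name: check GPG signature of sl. Should return okay
  command: rpm --checksig /tmp/sl.rpm
  register: sl_check
  # Verification is read-only; never report it as a change.
  changed_when: false

# Matches the exact "OK" line for this package.
# NOTE(review): the wording of a good result may differ between rpm versions,
# and this string reflects SHA-1/MD5 digests; confirm it before reusing the
# test on another platform.
- name: confirm that signature check succeeded
  assert:
    that: "'rsa sha1 (md5) pgp md5 OK' in sl_check.stdout"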