From 48a217bf2d8f1416541c92b44cbc80518013f322 Mon Sep 17 00:00:00 2001 From: James Denton Date: Wed, 21 Oct 2020 16:20:50 -0500 Subject: [PATCH] Add GPG Key for EPEL8 Repo The patch adds the GPG key for the EPEL 8 repo to allow gpgcheck to be successful. Change-Id: I6402d45ca541b8bb7a35ed73b63256f13c58e4f3 --- files/gpg/2F86D6A1 | 28 ++++++++++++++++++++++++++++ tasks/main.yml | 37 +++++++++++++++++++++++++++++++++++++ vars/redhat-8.yml | 5 +++++ 3 files changed, 70 insertions(+) create mode 100644 files/gpg/2F86D6A1 diff --git a/files/gpg/2F86D6A1 b/files/gpg/2F86D6A1 new file mode 100644 index 0000000..30b69a6 --- /dev/null +++ b/files/gpg/2F86D6A1 
@@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFz3zvsBEADJOIIWllGudxnpvJnkxQz2CtoWI7godVnoclrdl83kVjqSQp+2
+dgxuG5mUiADUfYHaRQzxKw8efuQnwxzU9kZ70ngCxtmbQWGmUmfSThiapOz00018
++eo5MFabd2vdiGo1y+51m2sRDpN8qdCaqXko65cyMuLXrojJHIuvRA/x7iqOrRfy
+a8x3OxC4PEgl5pgDnP8pVK0lLYncDEQCN76D9ubhZQWhISF/zJI+e806V71hzfyL
+/Mt3mQm/li+lRKU25Usk9dWaf4NH/wZHMIPAkVJ4uD4H/uS49wqWnyiTYGT7hUbi
+ecF7crhLCmlRzvJR8mkRP6/4T/F3tNDPWZeDNEDVFUkTFHNU6/h2+O398MNY/fOh
+yKaNK3nnE0g6QJ1dOH31lXHARlpFOtWt3VmZU0JnWLeYdvap4Eff9qTWZJhI7Cq0
+Wm8DgLUpXgNlkmquvE7P2W5EAr2E5AqKQoDbfw/GiWdRvHWKeNGMRLnGI3QuoX3U
+pAlXD7v13VdZxNydvpeypbf/AfRyrHRKhkUj3cU1pYkM3DNZE77C5JUe6/0nxbt4
+ETUZBTgLgYJGP8c7PbkVnO6I/KgL1jw+7MW6Az8Ox+RXZLyGMVmbW/TMc8haJfKL
+MoUo3TVk8nPiUhoOC0/kI7j9ilFrBxBU5dUtF4ITAWc8xnG6jJs/IsvRpQARAQAB
+tChGZWRvcmEgRVBFTCAoOCkgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
+AgAiBQJc9877AhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAh6kWrL4bW
+oWagD/4xnLWws34GByVDQkjprk0fX7Iyhpm/U7BsIHKspHLL+Y46vAAGY/9vMvdE
+0fcr9Ek2Zp7zE1RWmSCzzzUgTG6BFoTG1H4Fho/7Z8BXK/jybowXSZfqXnTOfhSF
+alwDdwlSJvfYNV9MbyvbxN8qZRU1z7PEWZrIzFDDToFRk0R71zHpnPTNIJ5/YXTw
+NqU9OxII8hMQj4ufF11040AJQZ7br3rzerlyBOB+Jd1zSPVrAPpeMyJppWFHSDAI
+WK6x+am13VIInXtqB/Cz4GBHLFK5d2/IYspVw47Solj8jiFEtnAq6+1Aq5WH3iB4
+bE2e6z00DSF93frwOyWN7WmPIoc2QsNRJhgfJC+isGQAwwq8xAbHEBeuyMG8GZjz
+xohg0H4bOSEujVLTjH1xbAG4DnhWO/1VXLX+LXELycO8ZQTcjj/4AQKuo4wvMPrv
+9A169oETG+VwQlNd74VBPGCvhnzwGXNbTK/KH1+WRH0YSb+41flB3NKhMSU6dGI0
+SGtIxDSHhVVNmx2/6XiT9U/znrZsG5Kw8nIbbFz+9MGUUWgJMsd1Zl9R8gz7V9fp
+n7L7y5LhJ8HOCMsY/Z7/7HUs+t/A1MI4g7Q5g5UuSZdgi0zxukiWuCkLeAiAP4y7
+zKK4OjJ644NDcWCHa36znwVmkz3ixL8Q0auR15Oqq2BjR/fyog==
+=84m8
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tasks/main.yml b/tasks/main.yml
index 23071fe..82a1bbf 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -26,6 +26,43 @@ tags: - always +# Copy all factored-in GPG keys. +# KeyID 2F86D6A1 from https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 +- name: If a keyfile is provided, copy the gpg keyfile to the key location + copy: + src: "{{ item.keyfile }}" + dest: "{{ item.key }}" + mode: '0644' + with_items: "{{ systemd_networkd_package_repos_keys | selectattr('keyfile','defined') | list }}" + when: + - ansible_os_family | lower == 'redhat' + - ansible_distribution_major_version is version('8', '>=') + +- name: Ensure GPG keys have the correct SELinux contexts applied + command: restorecon -Rv /etc/pki/rpm-gpg/ + # TODO(evrardjp): Be more idempotent + changed_when: false + when: + - ansible_os_family | lower == 'redhat' + - ansible_distribution_major_version is version('8', '>=') + +# Handle gpg keys manually +- name: Install gpg keys + rpm_key: + key: "{{ key.key }}" + validate_certs: "{{ key.validate_certs | default(omit) }}" + state: "{{ key.state | default('present') }}" + with_items: "{{ systemd_networkd_package_repos_keys }}" + loop_control: + loop_var: key + register: _add_yum_keys + until: _add_yum_keys is success + retries: 5 + delay: 2 + when: + - ansible_os_family | lower == 'redhat' + - ansible_distribution_major_version is version('8', '>=') + - name: Install the EPEL repository yum_repository: name: epel-networkd diff --git a/vars/redhat-8.yml b/vars/redhat-8.yml index e8190ba..49c462c 100644 --- a/vars/redhat-8.yml +++ b/vars/redhat-8.yml @@ -21,3 +21,8 @@ _systemd_resolved_available: false _systemd_networkd_update_initramfs: "dracut -f" systemd_networkd_enablerepo: epel + +systemd_networkd_package_repos_keys: + - name: epel-8 + key: /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 + keyfile: gpg/2F86D6A1
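Review bot: The `Install gpg keys` task in the `tasks/main.yml` hunk imports whatever sits at `{{ key.key }}` without checking it. The only pin on the page is the 8-hex short ID in the comment (`# KeyID 2F86D6A1`), and short key IDs are cheap to collide, so they should not be what identifies a package-signing trust anchor. `rpm_key` takes a `fingerprint` argument; adding `fingerprint: "{{ key.fingerprint | default(omit) }}"` to the task would make a swapped or tampered key file fail the play instead of being trusted. The `epel-8` entry in the `vars/redhat-8.yml` hunk would then carry `fingerprint: '<full EPEL 8 key fingerprint, verified out of band>'` next to `keyfile`. This matters most for entries without a `keyfile`, where `key` is presumably a URL and the per-entry `validate_certs` passthrough lets TLS verification be switched off for the download.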