ansible/test/integration/targets/dnf/tasks/gpg.yml

78 lines
1.7 KiB
YAML
Raw Normal View History

# Set up a repo of unsigned rpms
- block:
- set_fact:
pkg_name: langtable
pkg_repo_dir: "{{ remote_tmp_dir }}/unsigned"
- name: Ensure our test package isn't already installed
dnf:
name:
- '{{ pkg_name }}'
state: absent
- name: Install rpm-sign
dnf:
name:
- rpm-sign
state: present
- name: Create directory to use as local repo
file:
path: "{{ pkg_repo_dir }}"
state: directory
- name: Download the test package
dnf:
name: '{{ pkg_name }}'
state: latest
download_only: true
download_dir: "{{ pkg_repo_dir }}"
- name: Unsign the RPM
shell: rpmsign --delsign {{ remote_tmp_dir }}/unsigned/{{ pkg_name }}*
- name: createrepo
command: createrepo .
args:
chdir: "{{ pkg_repo_dir }}"
- name: Add the repo
yum_repository:
name: unsigned
description: unsigned rpms
baseurl: "file://{{ pkg_repo_dir }}"
# we want to ensure that signing is verified
gpgcheck: true
- name: Install test package
dnf:
name:
- "{{ pkg_name }}"
disablerepo: '*'
enablerepo: unsigned
register: res
ignore_errors: yes
- assert:
that:
- res is failed
- "'Failed to validate GPG signature' in res.msg"
always:
- name: Remove rpm-sign (and test package if it got installed)
dnf:
name:
- rpm-sign
- "{{ pkg_name }}"
state: absent
- name: Remove test repo
yum_repository:
name: unsigned
state: absent
- name: Remove repo dir
file:
path: "{{ pkg_repo_dir }}"
state: absent