73 lines
1.8 KiB
YAML
73 lines
1.8 KiB
YAML
|
# Set up a repo of unsigned rpms
|
||
|
- block:
|
||
|
- name: Ensure our test package isn't already installed
|
||
|
dnf:
|
||
|
name:
|
||
|
- fpaste
|
||
|
state: absent
|
||
|
|
||
|
- name: Install rpm-sign
|
||
|
dnf:
|
||
|
name:
|
||
|
- rpm-sign
|
||
|
state: present
|
||
|
|
||
|
- name: Create directory to use as local repo
|
||
|
file:
|
||
|
path: "{{ remote_tmp_dir }}/unsigned"
|
||
|
state: directory
|
||
|
|
||
|
- name: Download an RPM
|
||
|
get_url:
|
||
|
url: https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/dnf/fpaste-0.3.9.1-1.fc27.noarch.rpm
|
||
|
dest: "{{ remote_tmp_dir }}/unsigned/fpaste-0.3.9.1-1.fc27.noarch.rpm"
|
||
|
mode: 0644
|
||
|
|
||
|
- name: Unsign the RPM
|
||
|
command: rpmsign --delsign "{{ remote_tmp_dir }}/unsigned/fpaste-0.3.9.1-1.fc27.noarch.rpm"
|
||
|
|
||
|
- name: createrepo
|
||
|
command: createrepo .
|
||
|
args:
|
||
|
chdir: "{{ remote_tmp_dir }}/unsigned"
|
||
|
|
||
|
- name: Add the repo
|
||
|
yum_repository:
|
||
|
name: unsigned
|
||
|
description: unsigned rpms
|
||
|
baseurl: "file://{{ remote_tmp_dir }}/unsigned/"
|
||
|
# we want to ensure that signing is verified
|
||
|
gpgcheck: true
|
||
|
|
||
|
- name: Install fpaste from above
|
||
|
dnf:
|
||
|
name:
|
||
|
- fpaste
|
||
|
disablerepo: '*'
|
||
|
enablerepo: unsigned
|
||
|
register: res
|
||
|
ignore_errors: yes
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- res is failed
|
||
|
- "'Failed to validate GPG signature' in res.msg"
|
||
|
|
||
|
always:
|
||
|
- name: Remove rpm-sign (and fpaste if it got installed)
|
||
|
dnf:
|
||
|
name:
|
||
|
- rpm-sign
|
||
|
- fpaste
|
||
|
state: absent
|
||
|
|
||
|
- name: Remove test repo
|
||
|
yum_repository:
|
||
|
name: unsigned
|
||
|
state: absent
|
||
|
|
||
|
- name: Remove repo dir
|
||
|
file:
|
||
|
path: "{{ remote_tmp_dir }}/unsigned"
|
||
|
state: absent
|