From: Anil Belur <abelur@linuxfoundation.org>
Date: Fri, 24 Jun 2022 12:02:24 +0000 (+1000)
Subject: Fix: Import the correct gpg keys for sigul and EL8
X-Git-Tag: v0.10.2^0
X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=1bbdb3b9477f25d71bc75862d9fb6f3aa69a924a;p=releng%2Fcommon-packer.git

Fix: Import the correct gpg keys for sigul and EL8

Sigul 1.1.1 is signed by the Fedora infrastructure key
therefore import the Fedora infra key before installing
the updated version on Sigul for CentOS8.

Import the EL8 GPG keys without which would fail
while installing several dependencies.

Issue-ID: IT-24054
Change-Id: I440b263ebb5f424496f21aa15e58bf7b34279f6e
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
---

diff --git a/provision/install-base-pkgs-RedHat.yaml b/provision/install-base-pkgs-RedHat.yaml
index 83970b7..cfd4207 100644
--- a/provision/install-base-pkgs-RedHat.yaml
+++ b/provision/install-base-pkgs-RedHat.yaml
@@ -58,6 +58,23 @@
   when:
     - ansible_facts.distribution_major_version|int >= 8
 
+- name: "Download the RPM GPG KEY for EPEL - {{ ansible_distribution_major_version }}"
+  get_url:
+    url: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}
+    dest: /tmp/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}
+    mode: 0600
+  become: true
+  when:
+    - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=')
+
+- name: Import RPM GPG KEY into the DB
+  rpm_key:
+    key: /tmp/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}
+    state: present
+  become: true
+  when:
+    - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=')
+
 - name: Install base packages
   yum:
     name:
@@ -94,6 +111,23 @@
   when:
     - ansible_facts['distribution_major_version'] is version('8', '<')
 
+- name: "Download the RPM GPG KEY for CentOS 8 Sigul"
+  get_url:
+    url: https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS
+    dest: /tmp/RPM-GPG-KEY-INFRA-TAGS
+    mode: 0600
+  become: true
+  when:
+    - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=')
+
+- name: Import RPM GPG KEY into the DB for Sigul on CentOS 8
+  rpm_key:
+    key: /tmp/RPM-GPG-KEY-INFRA-TAGS
+    state: present
+  become: true
+  when:
+    - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=')
+
 - name: Install sigul client for EL 8 (Streams)
   yum:
     name:
diff --git a/releasenotes/notes/fix-import-gpg-keys-sigul-dc37a7e8d0952e5c.yaml b/releasenotes/notes/fix-import-gpg-keys-sigul-dc37a7e8d0952e5c.yaml
new file mode 100644
index 0000000..a31ee68
--- /dev/null
+++ b/releasenotes/notes/fix-import-gpg-keys-sigul-dc37a7e8d0952e5c.yaml
@@ -0,0 +1,11 @@
+---
+fixes:
+  - |
+    Import correct GPG keys for sigul and EL8
+
+    Sigul 1.1.1 is signed by the Fedora infrastructure GPG key
+    therefore import the Fedora infra key before installing
+    the updated version on Sigul for CentOS8.
+
+    Import the EL8 GPG keys without which would fail
+    while installing several dependencies.