Remove embedded GPG keys only if legacy keyring is present
continuous-integration/drone/push Build is passing Details
continuous-integration/drone/pr Build is failing Details

Jérémy Lecour 2021-07-04 22:08:47 +02:00 committed by Jérémy Lecour
parent ffd7d0e504
commit 29ec7bdcf2
17 changed files with 129 additions and 2 deletions


@ -22,6 +22,7 @@ The **patch** part changes incrementally at each release.
### Changed ### Changed
* Use python3 modules for Debian 11 and later * Use python3 modules for Debian 11 and later
* Remove embedded GPG keys only if legacy keyring is present
* elasticsearch: 7.x by default * elasticsearch: 7.x by default
* evolinux-base: alert5 comes after the network * evolinux-base: alert5 comes after the network
* evolinux-base: force Debian version to buster for Evolix repository (temporary) * evolinux-base: force Debian version to buster for Evolix repository (temporary)


@ -1,10 +1,18 @@
--- ---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- apt
- name: Evolix embedded GPG key is absent - name: Evolix embedded GPG key is absent
apt_key: apt_key:
id: "B8612B5D" id: "B8612B5D"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
tags: tags:
- apt - apt
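Review bot: The `stat` on `/etc/apt/trusted.gpg` and its `when: _trusted_gpg_keyring.stat.exists` guard are copied by hand into this file and every other tasks file on this page, and no copy says why the guard exists. The copies have already drifted: the HWRaid condition further down reads `trusted_gpg_keyring.stat.present`. A comment above the `stat` task would help, for example `# apt_key targets the legacy keyring directly; skip the purge when that file is absent`. The guard also only works if the `stat` task carries every tag the `apt_key` task has, as it does here with `apt`, because a tag-limited run that skips the `stat` leaves `_trusted_gpg_keyring` undefined. That dependency deserves a line in the comment too.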


@ -8,11 +8,20 @@
- elasticsearch - elasticsearch
- packages - packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- elasticsearch
- packages
- name: Elastic embedded GPG key is absent - name: Elastic embedded GPG key is absent
apt_key: apt_key:
id: "D88E42B4" id: "D88E42B4"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
tags: tags:
- elasticsearch - elasticsearch
- packages - packages


@ -35,6 +35,11 @@
changed_when: "'FAILED' in raidmodel.stdout" changed_when: "'FAILED' in raidmodel.stdout"
failed_when: "'FAILED' in raidmodel.stdout" failed_when: "'FAILED' in raidmodel.stdout"
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: HPE Smart Storage Administrator (ssacli) is present - name: HPE Smart Storage Administrator (ssacli) is present
block: block:
- name: HPE GPG embedded key is absent - name: HPE GPG embedded key is absent
@ -42,6 +47,7 @@
id: "26C2B797" id: "26C2B797"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
- name: HPE GPG key is installed - name: HPE GPG key is installed
copy: copy:
@ -108,7 +114,9 @@
id: "23B3D3B4" id: "23B3D3B4"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: ansible_distribution_major_version is version('9', '>=') when:
- trusted_gpg_keyring.stat.present
- ansible_distribution_major_version is version('9', '>=')
- name: HWRaid GPG key is installed - name: HWRaid GPG key is installed
copy: copy:
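Review bot: The rewritten condition on the key removal with id `23B3D3B4` tests `trusted_gpg_keyring.stat.present`, but the first hunk of this section registers `_trusted_gpg_keyring` and every other guard in the commit tests `.stat.exists`. The name without the underscore is never registered on this page, so Ansible would be expected to fail the conditional as undefined rather than skip the task; this may be what the failing pr build reflects, though its log is not shown. The first list item should read `- _trusted_gpg_keyring.stat.exists`. The enclosing blocks start and end outside these hunks, and the new `stat` task has no tags here, so confirm that no tag on those blocks can select a removal without the `stat`.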


@ -8,11 +8,20 @@
- filebeat - filebeat
- packages - packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- filebeat
- packages
- name: Elastic embedded GPG key is absent - name: Elastic embedded GPG key is absent
apt_key: apt_key:
id: "D88E42B4" id: "D88E42B4"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
tags: tags:
- filebeat - filebeat
- packages - packages


@ -1,10 +1,19 @@
--- ---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- packages
- fluentd
- name: Fluentd embedded GPG key is absent - name: Fluentd embedded GPG key is absent
apt_key: apt_key:
id: "AB97ACBE" id: "AB97ACBE"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
tags: tags:
- packages - packages
- fluentd - fluentd


@ -5,11 +5,17 @@
# http://mirrors.jenkins.io/.* # http://mirrors.jenkins.io/.*
# http://jenkins.mirror.isppower.de/.* # http://jenkins.mirror.isppower.de/.*
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: Jenkins embedded GPG key is absent - name: Jenkins embedded GPG key is absent
apt_key: apt_key:
id: "D50582E6" id: "D50582E6"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add Jenkins GPG key - name: Add Jenkins GPG key
copy: copy:


@ -8,11 +8,20 @@
- kibana - kibana
- packages - packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- kibana
- packages
- name: Elastic embedded GPG key is absent - name: Elastic embedded GPG key is absent
apt_key: apt_key:
id: "D88E42B4" id: "D88E42B4"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
tags: tags:
- kibana - kibana
- packages - packages


@ -8,11 +8,20 @@
- logstash - logstash
- packages - packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- logstash
- packages
- name: Elastic embedded GPG key is absent - name: Elastic embedded GPG key is absent
apt_key: apt_key:
id: "D88E42B4" id: "D88E42B4"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
tags: tags:
- logstash - logstash
- packages - packages


@ -8,11 +8,20 @@
- metricbeat - metricbeat
- packages - packages
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- metricbeat
- packages
- name: Elastic embedded GPG key is absent - name: Elastic embedded GPG key is absent
apt_key: apt_key:
id: "D88E42B4" id: "D88E42B4"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
tags: tags:
- metricbeat - metricbeat
- packages - packages


@ -1,11 +1,16 @@
--- ---
# https://wiki.debian.org/DebianRepository/UseThirdParty - name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: MongoDB embedded GPG key is absent - name: MongoDB embedded GPG key is absent
apt_key: apt_key:
id: "B8612B5D" id: "B8612B5D"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add MongoDB GPG key - name: Add MongoDB GPG key
copy: copy:
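Review bot: The task "MongoDB embedded GPG key is absent" removes `id: "B8612B5D"`, the same short id the first tasks file on this page uses for the Evolix key, so the new guard gates what looks like a copy-pasted id rather than a MongoDB one; the next section repeats the same pair. Confirm which key is meant and, if it is the MongoDB key, use that key's id (placeholder: `id: "<MONGODB_KEY_ID>"`). An eight-hex-digit id is a short key id and is not unique, so a long id or the full fingerprint is a safer selector when deleting from a trust store. Going by the hunk header counts, this hunk also appears to drop the `# https://wiki.debian.org/DebianRepository/UseThirdParty` comment; keeping it above the new `stat` task would preserve the rationale for moving keys out of the legacy keyring.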


@ -1,10 +1,16 @@
--- ---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: MongoDB embedded GPG key is absent - name: MongoDB embedded GPG key is absent
apt_key: apt_key:
id: "B8612B5D" id: "B8612B5D"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add MongoDB GPG key - name: Add MongoDB GPG key
copy: copy:


@ -1,10 +1,16 @@
--- ---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: NewRelic embedded GPG key is absent - name: NewRelic embedded GPG key is absent
apt_key: apt_key:
id: "548C16BF" id: "548C16BF"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add NewRelic GPG key - name: Add NewRelic GPG key
copy: copy:


@ -9,11 +9,21 @@
- packages - packages
- nodejs - nodejs
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- name: NodeJS embedded GPG key is absent - name: NodeJS embedded GPG key is absent
apt_key: apt_key:
id: "68576280" id: "68576280"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
tags: tags:
- system - system
- packages - packages


@ -1,10 +1,21 @@
--- ---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- system
- packages
- nodejs
- yarn
- name: Yarn embedded GPG key is absent - name: Yarn embedded GPG key is absent
apt_key: apt_key:
id: "86E50310" id: "86E50310"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
tags: tags:
- system - system
- packages - packages


@ -3,11 +3,17 @@
- set_fact: - set_fact:
percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb" percona__apt_config_package_file: "percona-release_latest.{{ ansible_distribution_release }}_all.deb"
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: Percona embedded GPG key is absent - name: Percona embedded GPG key is absent
apt_key: apt_key:
id: "8507EFA5" id: "8507EFA5"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add Percona GPG key - name: Add Percona GPG key
copy: copy:


@ -13,11 +13,17 @@
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main" repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
update_cache: yes update_cache: yes
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
- name: PGDG embedded GPG key is absent - name: PGDG embedded GPG key is absent
apt_key: apt_key:
id: "ACCC4CF8" id: "ACCC4CF8"
keyring: /etc/apt/trusted.gpg keyring: /etc/apt/trusted.gpg
state: absent state: absent
when: _trusted_gpg_keyring.stat.exists
- name: Add PGDG GPG key - name: Add PGDG GPG key
copy: copy: