Ensure GPG keys are configured fails on rocky linux 9 #20

Closed

fgierlinger opened this issue Aug 15, 2022 · 3 comments
fgierlinger commented Aug 15, 2022

Describe the Issue
The task 1.2.2 | AUDIT | Ensure GPG keys are configured fails on rocky linux 9 because:

  1. No rpm_packager is set for rocky linux.
  2. The rpm_gpg_key defined in vars/Rocky.yml does not exist
  3. The regex of the task does not match the pgp signature output

```yaml
- name: "1.2.2 | AUDIT | Ensure GPG keys are configured"
  shell: "PKG=`rpm -qf {{ rpm_gpg_key }}` && rpm -q --queryformat \"%{PACKAGER} %{SIGPGP:pgpsig}\\n\" \"${PKG}\" | grep \"^{{ rpm_packager }}.*Key.ID.{{ rpm_key }}\""
  changed_when: false
  when:
    - rhel9cis_rule_1_2_2
    - ansible_distribution == "RedHat" or
      ansible_distribution == "Rocky"
  tags:
    - level1-server
    - level1-workstation
    - manual
    - patch
    - rule_1.2.2
```

```console
[root@5ddf9d59692f /]# cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.0 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.0"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.0 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.0"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.0"
[root@5ddf9d59692f /]# ls -l /etc/pki/rpm-gpg/
total 8
-rw-r--r-- 1 root root 1750 Jul  4 20:35 RPM-GPG-KEY-Rocky-9
-rw-r--r-- 1 root root 3159 Jul  4 20:35 RPM-GPG-KEY-Rocky-9-Testing
[root@5ddf9d59692f /]# PKG=`rpm -qf /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9` && rpm -q --queryformat "%{PACKAGER} %{SIGPGP:pgpsig}\n" "${PKG}"
Rocky Linux Build System (Peridot) <[email protected]> (none)
```

Expected Behavior
The task 1.2.2 | AUDIT | Ensure GPG keys are configured succeeds on Rocky Linux.

Actual Behavior
The task 1.2.2 | AUDIT | Ensure GPG keys are configured fails on Rocky Linux.

Control(s) Affected
1.2.2

Environment (please complete the following information):

  • branch being used: devel (f769197)
  • Ansible Version: 4.10.0 (core 2.11.12)
  • Host Python Version: 3.9.10
  • Ansible Server Python Version: 3.6.8
  • Additional Details: -

Additional Notes

Possible Solution
Adapt the variables for GPG checking for Rocky Linux and modify the regex, which doesn't match the key description of Rocky Linux.

```yaml
# vars/Rocky.yml
rpm_gpg_key: /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
```
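The issue above shows three distinct ways the grep in task 1.2.2 can fail (packager prefix, key path, and a signature field that is `(none)` rather than a `Key ID`). As an added example, not code from the issue or from the ansible-lockdown project, the following Python checker evaluates the same `%{PACKAGER} %{SIGPGP:pgpsig}` line and reports which condition failed instead of a bare non-match; the sample lines, the e-mail address and the key ID in them are constructed.

```python
import re
import subprocess
from typing import Tuple

# Constructed samples of `rpm -q --queryformat "%{PACKAGER} %{SIGPGP:pgpsig}\n" PKG` output.
# The first mirrors the unsigned result shown in the issue; the second is a
# constructed signed case with a made-up key ID.
SAMPLE_UNSIGNED = "Rocky Linux Build System (Peridot) <build@example.invalid> (none)"
SAMPLE_SIGNED = ("Rocky Linux Build System (Peridot) <build@example.invalid> "
                 "RSA/SHA256, Mon 04 Jul 2022 08:35:00 PM UTC, Key ID 0123456789abcdef")

# rpm's pgpsig formatter ends with "Key ID <16 hex digits>" when a signature exists.
KEY_ID_RE = re.compile(r"Key ID ([0-9a-f]{16})", re.IGNORECASE)


def audit_gpg_key(line: str, expected_packager: str, expected_key_id: str) -> Tuple[bool, str]:
    """Apply the three conditions control 1.2.2 greps for, one at a time,
    so the audit message says which one did not hold."""
    line = line.strip()
    packager = line.split(" <", 1)[0]
    if not line.startswith(expected_packager):
        return False, f"packager mismatch: {packager!r}"
    # rpm prints "(none)" when the package owning the key file carries no PGP signature,
    # which is exactly the case the issue reproduces on Rocky Linux 9.
    if line.endswith("(none)"):
        return False, "package owning the key file is not PGP-signed"
    match = KEY_ID_RE.search(line)
    if not match:
        return False, "no Key ID in signature field"
    key_id = match.group(1).lower()
    if key_id != expected_key_id.lower():
        return False, f"signed by unexpected key {key_id}"
    return True, f"signed by expected key {key_id}"


def query_rpm(key_path: str) -> str:
    """Run the same two rpm commands the task runs and return the raw line (needs rpm)."""
    pkg = subprocess.check_output(["rpm", "-qf", key_path], text=True).strip()
    return subprocess.check_output(
        ["rpm", "-q", "--queryformat", "%{PACKAGER} %{SIGPGP:pgpsig}\\n", pkg], text=True)


if __name__ == "__main__":
    for sample in (SAMPLE_UNSIGNED, SAMPLE_SIGNED):
        print(audit_gpg_key(sample, "Rocky Linux Build System", "0123456789ABCDEF"))
```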
@uk-bolly uk-bolly self-assigned this Aug 23, 2022
uk-bolly (Member) commented:

hi @fgierlinger

Thank you for the feedback on this new repository. This really helps us to improve the content being delivered.
When this was originally released, Rocky was not available; since then a new PR was created to enable support for Rocky along with many other improvements.
This is included in the updates branch currently and is awaiting PR approval. Hoping to get this carried out over the next couple of days.

Many thanks once again uk-bolly

uk-bolly (Member) commented:

hi @fgierlinger

This was pulled in #18 PR.

I assume all is working as expected?

many thanks

uk-bolly

uk-bolly (Member) commented:

Closing Issue
