Skip to content

Commit 00bc2db

Browse files
bertiethorpebertiethorpe
committed
hardcode cernvm gpg key
1 parent 0789ea5 commit 00bc2db

File tree

3 files changed

+40
-10
lines changed

3 files changed

+40
-10
lines changed

ansible/roles/eessi/defaults/main.yaml

Lines changed: 31 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,4 +11,34 @@ cvmfs_config_default:
1111
cvmfs_config_overrides: {}
1212
cvmfs_config: "{{ cvmfs_config_default | combine(cvmfs_config_overrides) }}"
1313

14-
cvmfs_gpg_checksum: "sha256:5c60679d307a96524204c127250e8ebdda66a459659faa1718bdf32dde1d7069"
14+
cvmfs_gpg_key: |
15+
-----BEGIN PGP PUBLIC KEY BLOCK-----
16+
Version: GnuPG v2.0.22 (GNU/Linux)
17+
18+
mQGiBEuGP6YRBADV89cbF4uoEX89Q8uxOklIDVJhOJAFKZ33LSdzHv3iObnjo5w4
19+
wbb8FiSir4oWgarAco4u0kR1yKjHJ33oVB2xmPOzW3NWoHI7aPF7tCgo7FY9hNoC
20+
4NEkNycvbfSoCScsv2yY5qz2q2sY1LWGZGbUXjBvKbmASe9sJFKJV7NsmwCg76W/
21+
aMazleHyDtooD8tk3ZWvpKcD/Rg51Oad+ZLc7h45wDMHpaDvOBeGoyp+k7JgQd87
22+
HfXiJtg/Q6zyTwrV3vCQvMpw3GRjRkZBcPgRWb6rUk68dL8fa2cTxhISX5/DIQzc
23+
mmuDa0EgCGGAKUZ4bHqaexFFnp/B+VKBPvJuxLa0cBDd6eewxNwtHJ90EaMeBzGd
24+
6zU2BADO9YbXiEMqRkfVLnuvD5G31/WJZvffXCxspnSfg923DbILWa4vNW9MLMsK
25+
IVHvyVr0mZF8xdyQNVPUX3/4uahKM4hwuFqdbyjuLGEIF3U73aIJ0+YDep/+I6yU
26+
JGHnxy8Ex+a1XIhJ1hSI7+oalSdt+w/pE3+2MQyUfSDPSXVA3LQ+Q2VyblZNIEFk
27+
bWluaXN0cmF0b3IgKGN2bWFkbWluKSA8Y2VybnZtLmFkbWluaXN0cmF0b3JAY2Vy
28+
bi5jaD6IXgQTEQIAHgIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAUCVwOYkgAKCRAj
29+
DTidiuRc50E1AJ9AYvH/cydD7029jxGcs8K87lo3jACdEhbCj3cjPsp2U/WfpgK1
30+
BQOMiwe5Ag0ES4Y/qBAIAL3sWKXQKpbIOpwX+mNX2IV2XxNBM3KYjYOEii66i9ap
31+
Po3BA39a9Wm9vh1kYIHTkh9Qqb8w53hc4ANkVT+cYzxXythGBjWoLtwCzKCPrIb7
32+
RQJRc956Ot0q4qmlcUEGi5zefSIoJZR5jyR7rZS+1PNJYI05xY2+Eah1u9UxrlzB
33+
H5DCsvUqTNK12WrPIibmLo8u+yIDJjwgh9O5YITC+et/g47NLfZdiAGPLEjvJFRi
34+
7Ju+8ywO32dSVBPJQDktr5BC950DKZHA9n+sJ63iF3lP/aCTECpxxUqXVVqioobw
35+
g5ytl60hw9I9sfwBP6z9PR90RcyT1l4giiBz9LV+KpcAAwUIAKeAxArGaJxzWziK
36+
s7D8TTuE50Nw+S3RGhVzwSKy7183Z11iOEMqbm2/zwp65wFkntCKmLKDnGsTgFNp
37+
stIyFwJmj34Axp7N3KGqXnTI+SIQd6VmzQ1phxfCOw8IGueOR6YI7S1GYWt7Dose
38+
ZKz4EWdvXCOkQAhbxq/HT2c3ihxsuxrErxz7QtNaYOFXiuLj3mYH9XaMeEe8Pkl+
39+
yyRTvyUNlMIu/i79qf+QUlsi10nCUm88cSXQiKWOJ4GiUoT+jD7pN4ohdALRVl0t
40+
l/EyPTw+asG3lQhPZ+solvJXp+i7KF7nwnyXDB63WNH15S1pQLMnqCuGCFyegf6j
41+
nOJU0AqISQQYEQIACQIbDAUCVwOYgwAKCRAjDTidiuRc534jAKDu/9BZU3rirEMr
42+
DuGbmN3ulUM+UgCfe7lg5qrGXUzZlJFTnTaTgS3Z0Rg=
43+
=fspm
44+
-----END PGP PUBLIC KEY BLOCK-----

ansible/roles/eessi/tasks/install.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
---
22

3-
- name: Download Cern GPG key
4-
# checkov:skip=CKV2_ANSIBLE_2: "Ensure that HTTPS url is used with get_url"
5-
ansible.builtin.get_url:
6-
url: https://cvmrepo.web.cern.ch/cvmrepo/yum/RPM-GPG-KEY-CernVM
3+
- name: Install Cern GPG key
4+
ansible.builtin.copy:
5+
content: "{{ cvmfs_gpg_key }}"
76
dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-CernVM
8-
checksum: "{{ cvmfs_gpg_checksum }}"
9-
mode: "0644"
7+
owner: root
8+
group: root
9+
mode: '0644'
1010

1111
- name: Import downloaded GPG key # noqa: no-changed-when
1212
ansible.builtin.command: rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CernVM # noqa: command-instead-of-module
@@ -19,4 +19,4 @@
1919

2020
- name: Install EESSI CVMFS config
2121
ansible.builtin.dnf:
22-
name: cvmfs-eessi-config
22+
name: cvmfs-config-eessi

environments/common/inventory/group_vars/all/dnf_repo_timestamps.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -238,8 +238,8 @@ dnf_repos_default:
238238
'8':
239239
pulp_path: eessi/rhel/8/noarch
240240
pulp_timestamp: 20251119T202303
241-
repo_file: cvmfs-eessi-config
241+
repo_file: cvmfs-config-eessi
242242
'9':
243243
pulp_path: eessi/rhel/8/noarch
244244
pulp_timestamp: 20251119T202303
245-
repo_file: cvmfs-eessi-config
245+
repo_file: cvmfs-config-eessi

0 commit comments

Comments
 (0)