diff --git a/attributes/default.rb b/attributes/default.rb index adbfb986..9cb9347e 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -175,9 +175,9 @@ # of the Agent will be signed with this key. # DATADOG_RPM_KEY_CURRENT always contains the key that is used to sign repodata and latest packages default['datadog']['yumrepo_gpgkey_new_current'] = "#{yum_protocol}://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public" -default['datadog']['yumrepo_gpgkey_new_e09422b3'] = "#{yum_protocol}://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public" -default['datadog']['yumrepo_gpgkey_new_fd4bf915'] = "#{yum_protocol}://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public" default['datadog']['yumrepo_gpgkey_new_b01082d3'] = "#{yum_protocol}://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public" +default['datadog']['yumrepo_gpgkey_new_fd4bf915'] = "#{yum_protocol}://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public" +default['datadog']['yumrepo_gpgkey_new_e09422b3'] = "#{yum_protocol}://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public" # Windows Agent Blacklist # Attribute to enforce silent failures on agent installs when attempting to install a diff --git a/recipes/repository.rb b/recipes/repository.rb index 91a8faa3..14d474cc 100644 --- a/recipes/repository.rb +++ b/recipes/repository.rb @@ -48,9 +48,9 @@ # DATADOG_RPM_KEY_FD4BF915.public expires in 2024 # DATADOG_RPM_KEY_B01082D3.public expires in 2028 rpm_gpg_keys = [['DATADOG_RPM_KEY_CURRENT.public', 'current', ''], - ['DATADOG_RPM_KEY_E09422B3.public', 'e09422b3', 'A4C0 B90D 7443 CF6E 4E8A A341 F106 8E14 E094 22B3'], - ['DATADOG_RPM_KEY_FD4BF915.public', 'fd4bf915', 'C655 9B69 0CA8 82F0 23BD F3F6 3F4D 1729 FD4B F915']] - ['DATADOG_RPM_KEY_B01082D3.public', 'b01082d3', '7408 BFD5 6BC5 BF0C 361A AAE8 5D88 EEA3 B010 82D3']] + ['DATADOG_RPM_KEY_B01082D3.public', 'b01082d3', '7408 BFD5 6BC5 BF0C 361A AAE8 5D88 EEA3 B010 82D3'], + ['DATADOG_RPM_KEY_FD4BF915.public', 'fd4bf915', 'C655 9B69 0CA8 82F0 23BD F3F6 3F4D 1729 FD4B F915'], + ['DATADOG_RPM_KEY_E09422B3.public', 'e09422b3', 'A4C0 B90D 7443 CF6E 4E8A A341 F106 8E14 E094 22B3']] # Local file name of the key rpm_gpg_keys_name = 0 @@ -178,7 +178,7 @@ def warn_deprecated_yumrepo_gpgkey action :remove end - apt_repository 'datadog_apt_A2923DFF56EDA6E76E55E492D3A80E30382E94DE' do + apt_repository 'datadog_apt_5F1E256061D813B125E156E8E6266D4AC0962C7D' do action :remove end @@ -186,7 +186,7 @@ def warn_deprecated_yumrepo_gpgkey action :remove end - apt_repository 'datadog_apt_5F1E256061D813B125E156E8E6266D4AC0962C7D' do + apt_repository 'datadog_apt_A2923DFF56EDA6E76E55E492D3A80E30382E94DE' do action :remove end diff --git a/spec/repository_spec.rb b/spec/repository_spec.rb index 2ac6ea51..ca8a8890 100644 --- a/spec/repository_spec.rb +++ b/spec/repository_spec.rb @@ -115,16 +115,16 @@ def handle_keys(key_list, install_gnupg = true) expect(chef_run).to remove_apt_repository('datadog-beta') end - it 'removes the datadog_apt_A2923DFF56EDA6E76E55E492D3A80E30382E94DE repo' do - expect(chef_run).to remove_apt_repository('datadog_apt_A2923DFF56EDA6E76E55E492D3A80E30382E94DE') + it 'removes the datadog_apt_5F1E256061D813B125E156E8E6266D4AC0962C7D repo' do + expect(chef_run).to remove_apt_repository('datadog_apt_5F1E256061D813B125E156E8E6266D4AC0962C7D') end it 'removes the datadog_apt_D75CEA17048B9ACBF186794B32637D44F14F620E repo' do expect(chef_run).to remove_apt_repository('datadog_apt_D75CEA17048B9ACBF186794B32637D44F14F620E') end - it 'removes the datadog_apt_5F1E256061D813B125E156E8E6266D4AC0962C7D repo' do - expect(chef_run).to remove_apt_repository('datadog_apt_5F1E256061D813B125E156E8E6266D4AC0962C7D') + it 'removes the datadog_apt_A2923DFF56EDA6E76E55E492D3A80E30382E94DE repo' do + expect(chef_run).to remove_apt_repository('datadog_apt_A2923DFF56EDA6E76E55E492D3A80E30382E94DE') end end @@ -182,9 +182,9 @@ def handle_keys(key_list, install_gnupg = true) end.converge(described_recipe) end - # Key E09422B3 - # Key FD4BF915 (from 2020-09-08 to 2024-09-07) # Key B01082D3 (from 2023-04-20 to 2028-04-18) + # Key FD4BF915 (from 2020-09-08 to 2024-09-07) + # Key E09422B3 handle_keys ['current', 'b01082d3', 'fd4bf915', 'e09422b3'] # prefer HTTPS on boxes that support TLS1.2 @@ -192,9 +192,9 @@ def handle_keys(key_list, install_gnupg = true) expect(chef_run).to create_yum_repository('datadog').with( gpgkey: [ 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', ] ).with(repo_gpgcheck: true) end @@ -209,9 +209,9 @@ def handle_keys(key_list, install_gnupg = true) end.converge(described_recipe) end - # Key E09422B3 - # Key FD4BF915 (from 2020-09-08 to 2024-09-07) # Key B01082D3 (from 2023-04-20 to 2028-04-18) + # Key FD4BF915 (from 2020-09-08 to 2024-09-07) + # Key E09422B3 handle_keys ['b01082d3', 'fd4bf915', 'e09422b3'] # prefer HTTPS on boxes that support TLS1.2 @@ -219,8 +219,9 @@ def handle_keys(key_list, install_gnupg = true) expect(chef_run).to create_yum_repository('datadog').with( gpgkey: [ 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', ] ).with(repo_gpgcheck: true) end @@ -235,9 +236,9 @@ def handle_keys(key_list, install_gnupg = true) end.converge(described_recipe) end - # Key E09422B3 - # Key FD4BF915 (from 2020-09-08 to 2024-09-07) # Key B01082D3 (from 2023-04-20 to 2028-04-18) + # Key FD4BF915 (from 2020-09-08 to 2024-09-07) + # Key E09422B3 handle_keys ['b01082d3', 'fd4bf915', 'e09422b3'] # RHEL5 has to use insecure HTTP due to lack of support for TLS1.2 @@ -246,9 +247,9 @@ def handle_keys(key_list, install_gnupg = true) expect(chef_run).to create_yum_repository('datadog').with( gpgkey: [ 'http://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', - 'http://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'http://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', 'http://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', + 'http://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'http://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', ] ).with(repo_gpgcheck: false) end @@ -268,9 +269,9 @@ def handle_keys(key_list, install_gnupg = true) expect(chef_run).to create_yum_repository('datadog').with( gpgkey: [ 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', ] ).with(repo_gpgcheck: false) end @@ -290,9 +291,9 @@ def handle_keys(key_list, install_gnupg = true) expect(chef_run).to create_yum_repository('datadog').with( gpgkey: [ 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', ] ).with(repo_gpgcheck: true) end @@ -312,9 +313,9 @@ def handle_keys(key_list, install_gnupg = true) expect(chef_run).to create_yum_repository('datadog').with( gpgkey: [ 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', ] ).with(repo_gpgcheck: true) end @@ -334,9 +335,9 @@ def handle_keys(key_list, install_gnupg = true) expect(chef_run).to create_yum_repository('datadog').with( gpgkey: [ 'https://keys.datadoghq.com/DATADOG_RPM_KEY_CURRENT.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', - 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', 'https://keys.datadoghq.com/DATADOG_RPM_KEY_B01082D3.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_FD4BF915.public', + 'https://keys.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', ] ).with(repo_gpgcheck: true) end @@ -357,7 +358,7 @@ def handle_keys(key_list, install_gnupg = true) end.converge(described_recipe) end - handle_keys (['e09422b3', 'fd4bf915', 'b01082d3'], false) + handle_keys(['b01082d3', 'fd4bf915', 'e09422b3'], false) it 'deletes the old RPM GPG key 4172a230 if it exists' do expect(chef_run).to run_execute('rpm-remove old gpg key 4172a230-55dd14f6') diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index a0d5d91f..3fa6c269 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -46,9 +46,9 @@ def min_chef_version(version) # recipes/repository.rb stub_command('rpm -q gpg-pubkey-current').and_return(false) - stub_command('rpm -q gpg-pubkey-e09422b3').and_return(false) - stub_command('rpm -q gpg-pubkey-fd4bf915').and_return(false) stub_command('rpm -q gpg-pubkey-b01082d3').and_return(false) + stub_command('rpm -q gpg-pubkey-fd4bf915').and_return(false) + stub_command('rpm -q gpg-pubkey-e09422b3').and_return(false) stub_command('rpm -q gpg-pubkey-4172a230-55dd14f6').and_return(true) stub_command('apt-key adv --list-public-keys --with-fingerprint --with-colons | grep 382E94DE | grep pub').and_return(false) end diff --git a/test/integration/dd-agent-handler5/serverspec_datadog/dd-agent_spec.rb b/test/integration/dd-agent-handler5/serverspec_datadog/dd-agent_spec.rb index 521fe014..244fd53a 100644 --- a/test/integration/dd-agent-handler5/serverspec_datadog/dd-agent_spec.rb +++ b/test/integration/dd-agent-handler5/serverspec_datadog/dd-agent_spec.rb @@ -33,15 +33,15 @@ # The new APT keys are imported describe command('apt-key list'), :if => ['debian', 'ubuntu'].include?(os[:family]) do its(:exit_status) { should eq 0 } - its(:stdout) { should contain '382E94DE' } - its(:stdout) { should contain 'F14F620E' } its(:stdout) { should contain 'C0962C7D' } + its(:stdout) { should contain 'F14F620E' } + its(:stdout) { should contain '382E94DE' } end # The new RPM keys are imported -describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-e09422b3' } + its(:stdout) { should contain 'gpg-pubkey-b01082d3' } end describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do @@ -49,7 +49,7 @@ its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } end -describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-b01082d3' } + its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end diff --git a/test/integration/dd-agent-handler6/serverspec_datadog/dd-agent_spec.rb b/test/integration/dd-agent-handler6/serverspec_datadog/dd-agent_spec.rb index 53a14139..c5fc0e6b 100644 --- a/test/integration/dd-agent-handler6/serverspec_datadog/dd-agent_spec.rb +++ b/test/integration/dd-agent-handler6/serverspec_datadog/dd-agent_spec.rb @@ -31,15 +31,15 @@ # The new APT keys are imported describe command('apt-key list'), :if => ['debian', 'ubuntu'].include?(os[:family]) do its(:exit_status) { should eq 0 } - its(:stdout) { should contain '382E94DE' } - its(:stdout) { should contain 'F14F620E' } its(:stdout) { should contain 'C0962C7D' } + its(:stdout) { should contain 'F14F620E' } + its(:stdout) { should contain '382E94DE' } end # The new RPM keys are imported -describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-e09422b3' } + its(:stdout) { should contain 'gpg-pubkey-b01082d3' } end describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do @@ -47,7 +47,7 @@ its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } end -describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-b01082d3' } + its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end diff --git a/test/integration/dd-agent-handler7/serverspec_datadog/dd-agent_spec.rb b/test/integration/dd-agent-handler7/serverspec_datadog/dd-agent_spec.rb index 6a00020d..2f06ef29 100644 --- a/test/integration/dd-agent-handler7/serverspec_datadog/dd-agent_spec.rb +++ b/test/integration/dd-agent-handler7/serverspec_datadog/dd-agent_spec.rb @@ -31,15 +31,15 @@ # The new APT keys are imported describe command('apt-key list'), :if => ['debian', 'ubuntu'].include?(os[:family]) do its(:exit_status) { should eq 0 } - its(:stdout) { should contain '382E94DE' } - its(:stdout) { should contain 'F14F620E' } its(:stdout) { should contain 'C0962C7D' } + its(:stdout) { should contain 'F14F620E' } + its(:stdout) { should contain '382E94DE' } end # The new RPM keys are imported -describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-e09422b3' } + its(:stdout) { should contain 'gpg-pubkey-b01082d3' } end describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do @@ -47,7 +47,7 @@ its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } end -describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-b01082d3' } + its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end diff --git a/test/integration/dd-agent-iot/serverspec_datadog/dd-agent_spec.rb b/test/integration/dd-agent-iot/serverspec_datadog/dd-agent_spec.rb index b43104ef..ad56fcee 100644 --- a/test/integration/dd-agent-iot/serverspec_datadog/dd-agent_spec.rb +++ b/test/integration/dd-agent-iot/serverspec_datadog/dd-agent_spec.rb @@ -33,15 +33,15 @@ # The new APT keys are imported describe command('apt-key list'), :if => ['debian', 'ubuntu'].include?(os[:family]) do its(:exit_status) { should eq 0 } - its(:stdout) { should contain '382E94DE' } - its(:stdout) { should contain 'F14F620E' } its(:stdout) { should contain 'C0962C7D' } + its(:stdout) { should contain 'F14F620E' } + its(:stdout) { should contain '382E94DE' } end # The new RPM keys are imported -describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-e09422b3' } + its(:stdout) { should contain 'gpg-pubkey-b01082d3' } end describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do @@ -49,7 +49,7 @@ its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } end -describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-b01082d3' } + its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end diff --git a/test/integration/dd-agent/serverspec_datadog/dd-agent_spec.rb b/test/integration/dd-agent/serverspec_datadog/dd-agent_spec.rb index 6a00020d..2f06ef29 100644 --- a/test/integration/dd-agent/serverspec_datadog/dd-agent_spec.rb +++ b/test/integration/dd-agent/serverspec_datadog/dd-agent_spec.rb @@ -31,15 +31,15 @@ # The new APT keys are imported describe command('apt-key list'), :if => ['debian', 'ubuntu'].include?(os[:family]) do its(:exit_status) { should eq 0 } - its(:stdout) { should contain '382E94DE' } - its(:stdout) { should contain 'F14F620E' } its(:stdout) { should contain 'C0962C7D' } + its(:stdout) { should contain 'F14F620E' } + its(:stdout) { should contain '382E94DE' } end # The new RPM keys are imported -describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-e09422b3' } + its(:stdout) { should contain 'gpg-pubkey-b01082d3' } end describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do @@ -47,7 +47,7 @@ its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } end -describe command('rpm -q gpg-pubkey-b01082d3'), :if => os[:family] == 'redhat' do +describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-b01082d3' } + its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end