Temporarily disable rpm key verification

gotmax23 · Dec 24, 2021 · 196fcac · 196fcac
1 parent bc3849a
commit 196fcac
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 16 deletions.
diff --git a/.generator/links.md b/.generator/links.md
@@ -1,3 +1,5 @@
 \[1]: http://packman.links2linux.org/mirrors
 
 \[2]: https://en.opensuse.org/Additional_package_repositories
+
+\[3]: https://github.com/gotmax23/ansible-role-packman/issues/2
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -8,5 +8,7 @@ packman_state: present
 # The default option comes directly from the [OpenSUSE Wiki][2].
 packman_mirror: "https://ftp.gwdg.de/pub/linux/misc/packman"
 
+# This option is temporarily disabled.
+# See https://github.com/gotmax23/ansible-role-packman/issues/2 [3] for more information
 # Whether to check the Packman RPM repo signing key's fingerprint before importing it.
-packman_check_key_fingerprint: true
+# packman_check_key_fingerprint: true
diff --git a/tasks/assert.yml b/tasks/assert.yml
@@ -14,9 +14,9 @@
       - packman_mirror is string
     quiet: true
 
-- name: Ensure that packman_check_key_fingerprint is set correctly
-  ansible.builtin.assert:
-    that:
-      - packman_check_key_fingerprint is defined
-      - packman_check_key_fingerprint is boolean
-    quiet: true
+# - name: Ensure that packman_check_key_fingerprint is set correctly
+#   ansible.builtin.assert:
+#     that:
+#       - packman_check_key_fingerprint is defined
+#       - packman_check_key_fingerprint is boolean
+#     quiet: true
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -9,17 +9,18 @@
       connection: local
       become: false
 
-    - name: "{{ installw }} Packamn GPG key"
-      ansible.builtin.rpm_key:
-        key: "{{ packman_gpg_key_url }}"
-        fingerprint: "{{ packman_gpg_key_fingerprint if packman_check_key_fingerprint | bool else omit }}"
-        state: "{{ packman_state }}"
+    # - name: "{{ installw }} Packamn GPG key"
+    #   ansible.builtin.rpm_key:
+    #     key: "{{ packman_gpg_key_url }}"
+    #     fingerprint: "{{ packman_gpg_key_fingerprint if packman_check_key_fingerprint | bool else omit }}"
+    #     state: "{{ packman_state }}"
 
     - name: "{{ installw }} Packman Repository"
       notify: zypper_dist_upgrade
       community.general.zypper_repository:
         name: packman
         refresh: true
         priority: 90
+        auto_import_keys: true
         repo: "{{ packman_repo_url }}"
         state: "{{ packman_state }}"
diff --git a/vars/main.yml b/vars/main.yml
@@ -9,9 +9,10 @@ _packman_repo_url:
   "openSUSE Tumbleweed": "{{ packman_mirror }}/suse/openSUSE_Tumbleweed/"
 packman_repo_url: "{{ _packman_repo_url[ansible_distribution] }}"
 
-_packman_gpg_key_url:
-  "openSUSE Tumbleweed": "https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/repodata/repomd.xml.key"
-  "openSUSE Leap": "https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Leap_{{ ansible_distribution_version }}/repodata/repomd.xml.key"
-packman_gpg_key_url: "{{ _packman_gpg_key_url[ansible_distribution] }}"
+# _packman_gpg_key_url:
+#   "openSUSE Tumbleweed": "https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/repodata/repomd.xml.key"
+#   "openSUSE Leap": "https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Leap_{{ ansible_distribution_version }}/repodata/repomd.xml.key"
+# packman_gpg_key_url: "{{ _packman_gpg_key_url[ansible_distribution] }}"
+packman_gpg_key_url: "https://ftp.gwdg.de/pub/linux/misc/packman/gpg-pubkey-1abd1afb.asc"
 
 packman_gpg_key_fingerprint: "F887 5B88 0D51 8B6B 8C53  0D13 45A1 D067 1ABD 1AFB"