From 5cd5822215ff2dc40982a50c354ef4f837c4ebfa Mon Sep 17 00:00:00 2001
From: Trial97
Date: Thu, 19 Aug 2021 14:59:44 +0300
Subject: [PATCH] Updated ansible for debian
---
 data/ansible/deb_packages/gpg-gen-key.yaml | 7 ------
 data/ansible/deb_packages/gpg.yaml | 27 ++++++++++++++++++++++
 data/ansible/rpm_packages/gpg-gen-key.yaml | 7 ------
 data/ansible/rpm_packages/gpg.yaml | 10 ++++++++
 4 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/data/ansible/deb_packages/gpg-gen-key.yaml b/data/ansible/deb_packages/gpg-gen-key.yaml
index b13eb01f1..00d946d1f 100644
--- a/data/ansible/deb_packages/gpg-gen-key.yaml
+++ b/data/ansible/deb_packages/gpg-gen-key.yaml
@@ -42,10 +42,3 @@
 become: true
 shell: "sudo gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ rootUser }}"
-- name: get user armored public key
- become: true
- shell: "sudo gpg --armor --output {{ gpg_pubkeyfileexport }} --export {{ gpg_useremail }}"
-
-- name: After export move the key to /var/packages
- become: true
- shell: "sudo mv {{ gpg_pubkeyfileexport }} /var/packages"
\ No newline at end of file
diff --git a/data/ansible/deb_packages/gpg.yaml b/data/ansible/deb_packages/gpg.yaml
index 05124a09a..a103e50a5 100644
--- a/data/ansible/deb_packages/gpg.yaml
+++ b/data/ansible/deb_packages/gpg.yaml
@@ -1,4 +1,8 @@
 ---
+- name: Restart gpg-agent
+ become: true
+ shell: "gpgconf --kill all"
+
 - name: Ensure .gnupg config directory exists with right permissions
 become: true
 file: dest={{ gpg_home }}/.gnupg state=directory mode=0700 owner="{{ rootUser }}"
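Review bot: The new "Restart gpg-agent" task in data/ansible/deb_packages/gpg.yaml escalates with `become: true` but sets no `become_user`, while the key-listing task further down the same file runs as `become_user: "{{ rootUser }}"`. If `rootUser` is ever an account other than the default become target, `gpgconf --kill all` stops a different user's agent than the one the later gpg tasks talk to; this is inferred from the two task headers, since the variable's value is not in the diff. The task also needs no shell features and reports "changed" on every run, so I would write it as `command: gpgconf --kill all` with `become_user: "{{ rootUser }}"` and `changed_when: false`.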
@@ -11,6 +15,29 @@
 become: yes
 become_user: "{{ rootUser }}"
 register: gpgkeys
+
+- name: Check expired keys
+ become: yes
+ shell: "gpg --list-keys {{ gpg_realname }} | grep 'expired'"
+ ignore_errors: yes
+ failed_when: false
+ register: gpgExpKeys
+ when: gpgkeys.stdout_lines|length > 0
+
+- name: Update expired
+ become: yes
+ shell: 'printf "expire\n{{ gpg_expire }}\nsave\n" | gpg --batch --command-fd 0 --status-fd=2 --edit-key {{ gpg_realname }}'
+ when: gpgkeys.stdout_lines|length > 0 and gpgExpKeys.stdout_lines|length > 0
 - include: gpg-gen-key.yaml
 when: gpgkeys.stdout_lines|length < 1
+
+- name: get user armored public key
+ become: true
+ shell: "sudo gpg --armor --output {{ gpg_pubkeyfileexport }} --export {{ gpg_useremail }}"
+ when: gpgkeys.stdout_lines|length < 1 or (gpgkeys.stdout_lines|length > 0 and gpgExpKeys.stdout_lines|length > 0)
+
+- name: After export move the key to /var/packages
+ become: true
+ shell: "sudo mv {{ gpg_pubkeyfileexport }} /var/packages"
+ when: gpgkeys.stdout_lines|length < 1 or (gpgkeys.stdout_lines|length > 0 and gpgExpKeys.stdout_lines|length > 0)
diff --git a/data/ansible/rpm_packages/gpg-gen-key.yaml b/data/ansible/rpm_packages/gpg-gen-key.yaml
index 6318715b8..bb8395721 100644
--- a/data/ansible/rpm_packages/gpg-gen-key.yaml
+++ b/data/ansible/rpm_packages/gpg-gen-key.yaml
@@ -35,10 +35,3 @@
 become: true
 shell: "sudo gpg --batch --gen-key {{ gpg_home }}/.gnupg/gen-key-script-{{ rootUser }}"
-- name: get user armored public key
- become: true
- shell: "sudo gpg --armor --output {{ gpg_pubkeyfileexport }} --export {{ gpg_useremail }}"
-
-- name: After export move the key to /var/packages
- become: true
- shell: "sudo mv {{ gpg_pubkeyfileexport }} /var/packages"
\ No newline at end of file
diff --git a/data/ansible/rpm_packages/gpg.yaml b/data/ansible/rpm_packages/gpg.yaml
index 411d69ef1..e7b2709bc 100644
--- a/data/ansible/rpm_packages/gpg.yaml
+++ b/data/ansible/rpm_packages/gpg.yaml
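Review bot: In the "Check expired keys" task of data/ansible/deb_packages/gpg.yaml, `{{ gpg_realname }}` is pasted unquoted into a shell pipeline that runs with `become: yes`, so a real name containing a space is split into several key patterns and any shell metacharacter in the variable is interpreted by the privileged shell. Use the `quote` filter: `shell: "gpg --list-keys {{ gpg_realname | quote }} | grep 'expired'"`. The same unquoted pattern appears in `--edit-key {{ gpg_realname }}` in "Update expired" and in the `{{ gpg_pubkeyfileexport }}` / `{{ gpg_useremail }}` arguments of the export and move tasks, both here and in the rpm_packages/gpg.yaml hunk. Separately, this task sets no `become_user`, unlike the task that registers `gpgkeys`, so the two may be inspecting different keyrings, and `ignore_errors: yes` is redundant next to `failed_when: false`.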
@@ -31,3 +31,13 @@
 - include: gpg-gen-key.yaml
 when: gpgkeys.stdout_lines|length < 1
+
+- name: get user armored public key
+ become: true
+ shell: "sudo gpg --armor --output {{ gpg_pubkeyfileexport }} --export {{ gpg_useremail }}"
+ when: gpgkeys.stdout_lines|length < 1 or (gpgkeys.stdout_lines|length > 0 and gpgExpKeys.stdout_lines|length > 0)
+
+- name: After export move the key to /var/packages
+ become: true
+ shell: "sudo mv {{ gpg_pubkeyfileexport }} /var/packages"
+ when: gpgkeys.stdout_lines|length < 1 or (gpgkeys.stdout_lines|length > 0 and gpgExpKeys.stdout_lines|length > 0)
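Review bot: Both added `when:` conditions in data/ansible/rpm_packages/gpg.yaml read `gpgExpKeys.stdout_lines`, but nothing in this hunk registers `gpgExpKeys`; the tasks above line 31 are outside the diff, so confirm that one of them does. If the variable is undefined, the condition fails to evaluate on hosts that already have a key, which is exactly the branch where it is read, and the public key is then never re-exported. A defensive form is `(gpgExpKeys.stdout_lines | default([])) | length > 0` in both conditions.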