0.1.9 version

- pgp_test_key - added a role that generates a test PGP key

CHANGELOG.rst

@@ -5,6 +5,14 @@ msvsphere.ci Release Notes
 .. contents:: Topics
 
 
+v0.1.9
+======
+
+New Roles
+---------
+
+- msvsphere.ci.pgp_test_key - A role that generates a PGP key for testing purposes.
+
 v0.1.8
 ======
 

changelogs/.plugin-cache.yaml

@@ -40,6 +40,10 @@ objects:
       description: A role that installs koji-tools.
       name: koji_tools
       version_added: 0.1.1
+    pgp_test_key:
+      description: A role that generates a PGP key for testing purposes.
+      name: pgp_test_key
+      version_added: 0.1.9
     postgresql_server:
       description: A role that installs and configures a PostgreSQL server
       name: postgresql_server
@@ -60,4 +64,4 @@ plugins:
   strategy: {}
   test: {}
   vars: {}
-version: 0.1.8
+version: 0.1.9

changelogs/changelog.yaml

@@ -98,3 +98,10 @@ releases:
     fragments:
     - 6-kerberos_kdc_firewall_rules.yml
     release_date: '2024-01-25'
+  0.1.9:
+    objects:
+      role:
+      - description: A role that generates a PGP key for testing purposes.
+        name: pgp_test_key
+        namespace: null
+    release_date: '2024-02-06'

galaxy.yml

@@ -1,6 +1,6 @@
 namespace: msvsphere
 name: ci
-version: 0.1.8
+version: 0.1.9
 readme: README.md
 authors:
   - Eugene Zamriy <ezamriy@msvsphere-os.ru>

roles/pgp_test_key/README.md

@@ -0,0 +1,17 @@
+# msvsphere.ci.pgp_test_key
+
+An Ansible role that generates a PGP key for testing purposes.
+
+## Variables
+
+| Variable | Default value | Type | Description | Required |
+| -------- | ------------- | ---- | ----------- | -------- |
+| msvsphere_major_ver | "9" | str | MSVSphere OS major version. | no |
+
+## License
+
+MIT.
+
+## Authors
+
+* [Eugene Zamriy](mailto:ezamriy@msvsphere-os.ru)

roles/pgp_test_key/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+msvsphere_major_ver: '9'

roles/pgp_test_key/meta/argument_specs.yml

@@ -0,0 +1,12 @@
+---
+argument_specs:
+  main:
+    short_description: A role that generates a PGP key for testing purposes.
+    author: Eugene Zamriy
+    version_added: '0.1.9'
+    options:
+      msvsphere_major_ver:
+        description: MSVSphere OS major version.
+        default: '9'
+        type: 'str'
+        required: false

roles/pgp_test_key/meta/main.yml

@@ -0,0 +1,15 @@
+---
+galaxy_info:
+  author: Eugene Zamriy
+  description: A role that generates a PGP key for testing purposes.
+  company: Softline PJSC
+  license: MIT
+  min_ansible_version: 2.13
+  platforms:
+    - name: EL
+      versions:
+        - "9"
+  galaxy_tags:
+    - koji
+
+dependencies: []

roles/pgp_test_key/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+- name: Check if MSVSphere test PGP key exists
+  ansible.builtin.shell:
+    cmd: "gpg --list-secret-keys | grep 'MSVSphere {{ msvsphere_major_ver }} Test Key'"
+  ignore_errors: true
+  register: pgp_test_key_check
+  changed_when: pgp_test_key_check.rc != 0
+
+- name: Generate MSVSphere test PGP key
+  block:
+    - name: Create PGP batch file
+      ansible.builtin.tempfile:
+        state: file
+        prefix: scbs_
+      register: pgp_test_key_batch
+
+    - name: Populate PGP batch file
+      ansible.builtin.template:
+        src: msvsphere-test-key.batch.j2
+        dest: "{{ pgp_test_key_batch.path }}"
+
+    - name: Generate test PGP key
+      ansible.builtin.command: "gpg --batch --generate-key {{ pgp_test_key_batch.path }}"
+
+    - name: Delete PGP batch file
+      ansible.builtin.file:
+        path: "{{ pgp_test_key_batch.path }}"
+        state: absent
+  when: pgp_test_key_check.rc != 0
+
+- name: Check if MSVSphere test PGP key imported
+  ansible.builtin.shell:
+    cmd: rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey) | grep 'MSVSphere 9 Test Key'
+  ignore_errors: true
+  register: pgp_test_key_imported
+  changed_when: pgp_test_key_imported.rc != 0
+
+- name: Import MSVSphere test PGP key to RPM DB
+  block:
+    - name: Get user home directory
+      ansible.builtin.shell: "getent passwd $(id -u) | awk -F: '{ print $6 }'"
+      changed_when: false
+      register: pgp_test_key_user
+
+    - name: Export MSVSphere test PGP public key
+      ansible.builtin.command:
+        cmd: "gpg --output {{ [pgp_test_key_user.stdout, 'RPM-GPG-KEY-MSVSphere-' + msvsphere_major_ver + '-Test-Key'] | path_join }} --export --armor --batch --yes 'MSVSphere {{ msvsphere_major_ver }} Test Key'"
+
+    - name: Copy MSVSphere test PGP public key to /etc/pki/rpm-gpg/
+      ansible.builtin.copy:
+        remote_src: true
+        src: "{{ [pgp_test_key_user.stdout, 'RPM-GPG-KEY-MSVSphere-' + msvsphere_major_ver + '-Test-Key'] | path_join }}"
+        dest: "/etc/pki/rpm-gpg/RPM-GPG-KEY-MSVSphere-{{ msvsphere_major_ver }}-Test-Key"
+        owner: root
+        group: root
+        mode: '0644'
+      become: true
+
+    - name: Import MSVSphere test PGP key to RPM DB
+      ansible.builtin.rpm_key:
+        key: "{{ [pgp_test_key_user.stdout, 'RPM-GPG-KEY-MSVSphere-' + msvsphere_major_ver + '-Test-Key'] | path_join }}"
+        state: present
+      become: true
+  when: pgp_test_key_imported.rc != 0

roles/pgp_test_key/templates/msvsphere-test-key.batch.j2

@@ -0,0 +1,15 @@
+%echo Generating OpenPGP key
+%no-protection
+Key-Type: RSA
+Key-Length: 4096
+Key-Usage: sign
+Name-Real: MSVSphere {{ msvsphere_major_ver }} Test Key
+Name-Email: packager@msvsphere.test
+Expire-Date: 0
+{% if msvsphere_major_ver | string == '9' %}
+Preferences: AES256,AES192,AES,SHA512,SHA384,SHA256,ZLIB,ZIP,BZIP2
+{% else %}
+Preferences: AES256,AES192,AES,3DES,SHA512,SHA384,SHA256,SHA1,ZLIB,ZIP,BZIP2
+{% endif %}
+%commit
+%echo done