This repository has been archived by the owner on Mar 30, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
gpg_keys.yml
35 lines (32 loc) · 1.5 KB
/
gpg_keys.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
---
- name: Ensure GPG keys have full fingerprints.
assert:
that:
- "'fingerprint' in item.keys()"
- item.fingerprint|length == 40
fail_msg: >-
GPG public key fingerprints music be long-form 40 characters
with_items: "{{ grsecurity_build_gpg_keys }}"
- name: Import GPG keys for building Linux kernel.
shell: gpg --import - <<< "{{ lookup('file', item.fingerprint+'.pub')|escape }}"
args:
executable: /bin/bash # required for string redirection
register: gpg_import_linux_pubkeys_result
changed_when: "'imported: 1' in gpg_import_linux_pubkeys_result.stderr"
with_items: "{{ grsecurity_build_gpg_keys }}"
- name: Import GPG keys for building Linux kernel with Ubuntu overlay.
shell: gpg --import - <<< "{{ lookup('file', item.fingerprint+'.pub')|escape }}"
args:
executable: /bin/bash # required for string redirection
register: gpg_import_ubuntu_pubkeys_result
changed_when: "'imported: 1' in gpg_import_ubuntu_pubkeys_result.stderr"
with_items: "{{ grsecurity_build_gpg_keys_ubuntu }}"
when: grsecurity_build_include_ubuntu_overlay
- name: Import GPG keys for building minipli's kernel patches
shell: gpg --import - <<< "{{ lookup('file', item.fingerprint+'.pub')|escape }}"
args:
executable: /bin/bash # required for string redirection
register: gpg_import_minipli_pubkeys_result
changed_when: "'imported: 1' in gpg_import_minipli_pubkeys_result.stderr"
with_items: "{{ grsecurity_buld_gpg_keys_minipli }}"
when: grsecurity_build_patch_type == "minipli"