V-38462 - Package management tool must verify authenticity of packages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
Won't Fix
|
Low
|
Major Hayden |
Bug Description
the check is failing because of of the rdo-testing.repo not having gpgcheck=1.
It would be better to have it failed when gpgcheck is not set for enabled repos.
TASK [openstack-
task path: /etc/ansible/
container_name: "aio1"
physical_hostname: "aio1"
fatal: [aio1]: FAILED! => {
"changed": false,
"failed": true,
"invocation": {
"msg": "Ensure all repo files in /etc/yum.repos.d/ have 'gpgcheck=1' set."
},
},
"msg": "Ensure all repo files in /etc/yum.repos.d/ have 'gpgcheck=1' set."
}
[root@centos2 playbooks]# cat /etc/yum.
[openstack-
name=OpenStack Newton Testing
baseurl=http://
gpgcheck=0
enabled=0
[openstack-
# The pending repository should only be enabled under specific testing circumstances
name=OpenStack Newton Pending
baseurl=http://
gpgcheck=0
enabled=0
[rdo-trunk-
name=OpenStack Newton Trunk Tested
baseurl=http://
gpgcheck=0
enabled=0
Changed in openstack-ansible: | |
assignee: | nobody → Major Hayden (rackerhacker) |
Changed in openstack-ansible: | |
status: | New → In Progress |
importance: | Undecided → Low |
This is corrected with the work done in the RHEL 7 STIG.