Commit Graph

9 Commits

Author SHA1 Message Date
Jeremy Stanley 7c64b4bdb3 Record artifact checksums and signatures to stdout
In case of later upload failures, record the SHA2-256 checksum and
ASCII-armored OpenPGP signature of each signed artifact to the job's
output stream so they can later be used for manual uploading.

Change-Id: Ifd136b95357d499e088c5509fa57daf76a246cf4
2020-06-16 14:39:57 +00:00
Albin Vass 9062289151 Check for loop_control in with_ type loops
Change-Id: I191265df7709a6262b44a428d78fe28ffaeb4b75
2020-05-01 13:45:34 +02:00
Paul Belanger 13889a5878
Remove GPG public key for sign-artifacts role
This is actually a noop for gpg, since the private key also contains
the public.

Change-Id: I60d4ebf0f3343911986a4e6c46a806539cda701b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-08-25 13:28:02 -04:00
Paul Belanger fd162957d3
Fix typo in public key import
Change-Id: I9ae6ffdda870d65c1e6d022c9bc2c22328f30286
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-08-25 12:52:44 -04:00
Paul Belanger 08448dee4b
Use gpg import for sign-artifacts tasks
Because we used binary data, and it seems ansible had some issues with
that. Switch to asscii-armored versions and gpg import.

Change-Id: Ide400a2163c8fc08de0a28947ada7e9448d7675d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-08-25 10:54:05 -04:00
Paul Belanger ccbce75fce
sha1sum pubring.gpg / secring.gpg for debugging
Collect sha1sum to help validate secrets.

Change-Id: I9bf251856340bd6d381686146a26ff3f8103cd59
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-08-24 16:33:21 -04:00
Paul Belanger 466add5613
Fix matched condition for gpg signing
We actually want to sign the items we found if greater then zero, as
it results the number of files found.

Change-Id: I48014bb437a575c1d639a8a68e76b7ed06df2278
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-08-24 14:48:14 -04:00
Monty Taylor c3339caf12
Delete keyring dir when we're done
It goes away when bubblewrap does, but let's be extra safe.

Change-Id: Ic7cc81081d075cdbd50ad158369327c36c3bcda1
2017-08-22 19:33:40 -04:00
Monty Taylor 6271966f10
Add role to GPG sign artifacts in a directory
This will sign everything in the artifacts directory.

Change-Id: I1f07b1b05ff4336e32469f85ff2c09fb72c0b51c
2017-08-22 19:24:05 -04:00