f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
893 B
---id: V-71979 status: implemented tag: packages ---
On Ubuntu systems, the tasks comment out the no-debsig
configuration line in /etc/dpkg/dpkg.cfg. This causes
dpkg to verify GPG signatures for all packages that are
installed locally.
On CentOS 7 systems, the tasks set the localpkg_gpgcheck
option to 1 in the /etc/yum.conf file. This
enables GPG checks for all packages installed locally with
yum.
On openSUSE Leap systems, the tasks set the gpgcheck
option to 1 in the /etc/zypp/zypp.conf file.
This enables GPG checks for all packages installed with
zypper.
Setting security_enable_gpgcheck_packages_local to
no will skip the no-debsig adjustment on
Ubuntu and it will set local_gpgcheck=0 in
/etc/yum.conf on CentOS systems. Similarly, on openSUSE
Leap systems, it will set gpgcheck=0 in
/etc/zypp/zypp.conf.