f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
23 lines
893 B
ReStructuredText
23 lines
893 B
ReStructuredText
---
|
|
id: V-71979
|
|
status: implemented
|
|
tag: packages
|
|
---
|
|
|
|
On Ubuntu systems, the tasks comment out the ``no-debsig`` configuration line
|
|
in ``/etc/dpkg/dpkg.cfg``. This causes ``dpkg`` to verify GPG signatures for
|
|
all packages that are installed locally.
|
|
|
|
On CentOS 7 systems, the tasks set the ``localpkg_gpgcheck`` option to ``1`` in
|
|
the ``/etc/yum.conf`` file. This enables GPG checks for all packages installed
|
|
locally with ``yum``.
|
|
|
|
On openSUSE Leap systems, the tasks set the ``gpgcheck`` option to ``1`` in the
|
|
``/etc/zypp/zypp.conf`` file. This enables GPG checks for all packages installed
|
|
with ``zypper``.
|
|
|
|
Setting ``security_enable_gpgcheck_packages_local`` to ``no`` will skip the
|
|
``no-debsig`` adjustment on Ubuntu and it will set ``local_gpgcheck=0`` in
|
|
``/etc/yum.conf`` on CentOS systems. Similarly, on openSUSE Leap systems, it will set
|
|
``gpgcheck=0`` in ``/etc/zypp/zypp.conf``.
|