From 20c85e03497e7962591893dff03bc2d9235d84e3 Mon Sep 17 00:00:00 2001 From: Albert Vaca Date: Wed, 25 Nov 2020 17:06:57 +0100 Subject: [PATCH] Revert "Trust new signing key (#754)" This reverts commit 7da58798ef4498b16687d14c451ca26e616a8039. --- attributes/default.rb | 5 +- recipes/repository.rb | 92 ++++------- spec/repository_spec.rb | 145 ++++-------------- spec/spec_helper.rb | 1 - .../serverspec/dd-agent_spec.rb | 7 +- .../serverspec/dd-agent_spec.rb | 7 +- .../serverspec/dd-agent_spec.rb | 7 +- .../dd-agent-iot/serverspec/dd-agent_spec.rb | 7 +- .../dd-agent/serverspec/dd-agent_spec.rb | 7 +- 9 files changed, 63 insertions(+), 215 deletions(-) diff --git a/attributes/default.rb b/attributes/default.rb index e974ff80..5585acb9 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -167,10 +167,9 @@ # Only applies if specific version specified default['datadog']['windows_agent_installer_prefix'] = nil -# Location of additional rpm gpg keys to import. In the future the rpm packages +# Location of additional rpm gpgkey to import (with signature `e09422b3`). In the future the rpm packages # of the Agent will be signed with this key. -default['datadog']['yumrepo_gpgkey_new_e09422b3'] = "#{yum_protocol}://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public" -default['datadog']['yumrepo_gpgkey_new_fd4bf915'] = "#{yum_protocol}://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public" +default['datadog']['yumrepo_gpgkey_new'] = "#{yum_protocol}://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public" # Windows Agent Blacklist # Attribute to enforce silent failures on agent installs when attempting to install a diff --git a/recipes/repository.rb b/recipes/repository.rb index 2822c5c9..d69390af 100644 --- a/recipes/repository.rb +++ b/recipes/repository.rb @@ -26,22 +26,6 @@ agent_major_version = Chef::Datadog.agent_major_version(node) -# A2923DFF56EDA6E76E55E492D3A80E30382E94DE expires in 2022 -# D75CEA17048B9ACBF186794B32637D44F14F620E expires in 2032 -apt_gpg_keys = ['A2923DFF56EDA6E76E55E492D3A80E30382E94DE', 'D75CEA17048B9ACBF186794B32637D44F14F620E'] - -# DATADOG_RPM_KEY_E09422B3.public expires in 2022 -# DATADOG_RPM_KEY_20200908.public expires in 2024 -rpm_gpg_keys = [['DATADOG_RPM_KEY_E09422B3.public', 'e09422b3', 'A4C0 B90D 7443 CF6E 4E8A A341 F106 8E14 E094 22B3'], - ['DATADOG_RPM_KEY_20200908.public', 'fd4bf915', 'C655 9B69 0CA8 82F0 23BD F3F6 3F4D 1729 FD4B F915']] - -# Local file name of the key -rpm_gpg_keys_name = 0 -# Short fingerprint for rpm commands, used in "rpm -q gpg-pubkey-*" and node['datadog']["yumrepo_gpgkey_new_*"] -rpm_gpg_keys_short_fingerprint = 1 -# Space delimited full fingerprint -rpm_gpg_keys_full_fingerprint = 2 - case node['platform_family'] when 'debian' apt_update 'update' @@ -64,17 +48,15 @@ retries = node['datadog']['aptrepo_retries'] keyserver = node['datadog']['aptrepo_use_backup_keyserver'] ? node['datadog']['aptrepo_backup_keyserver'] : node['datadog']['aptrepo_keyserver'] - # Add APT repositories - apt_gpg_keys.each do |apt_gpg_key| - apt_repository "datadog_apt_#{apt_gpg_key}" do - keyserver keyserver - key apt_gpg_key - uri node['datadog']['aptrepo'] - distribution node['datadog']['aptrepo_dist'] - components components - action :add - retries retries - end + # Add APT repository + apt_repository 'datadog' do + keyserver keyserver + key 'A2923DFF56EDA6E76E55E492D3A80E30382E94DE' + uri node['datadog']['aptrepo'] + distribution node['datadog']['aptrepo_dist'] + components components + action :add + retries retries end # Previous versions of the cookbook could create this repo file, make sure we remove it now @@ -83,9 +65,7 @@ end when 'rhel', 'fedora', 'amazon' # Import new RPM key - rpm_gpg_keys.each do |rpm_gpg_key| - next unless node['datadog']["yumrepo_gpgkey_new_#{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}"] - + if node['datadog']['yumrepo_gpgkey_new'] # gnupg is required to check the downloaded key's fingerprint package 'gnupg' do action :install @@ -93,21 +73,18 @@ end # Download new RPM key - key_local_path = ::File.join(Chef::Config[:file_cache_path], rpm_gpg_key[rpm_gpg_keys_name]) - remote_file "remote_file_#{rpm_gpg_key[rpm_gpg_keys_name]}" do + key_local_path = ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_E09422B3.public') + remote_file 'DATADOG_RPM_KEY_E09422B3.public' do path key_local_path - source node['datadog']["yumrepo_gpgkey_new_#{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}"] - not_if "rpm -q gpg-pubkey-#{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}" # (key already imported) - notifies :run, "execute[rpm-import datadog key #{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}]", :immediately + source node['datadog']['yumrepo_gpgkey_new'] + not_if 'rpm -q gpg-pubkey-e09422b3' # (key already imported) + notifies :run, 'execute[rpm-import datadog key e09422b3]', :immediately end - # The fingerprint string has spaces in it, calculate one without space here - gpg_key_fingerprint_without_space = rpm_gpg_key[rpm_gpg_keys_full_fingerprint].delete(' ') - # Import key if fingerprint matches - execute "rpm-import datadog key #{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}" do + execute 'rpm-import datadog key e09422b3' do command "rpm --import #{key_local_path}" - only_if "gpg --dry-run --quiet --with-fingerprint #{key_local_path} | grep '#{rpm_gpg_key[rpm_gpg_keys_full_fingerprint]}' || gpg --dry-run --import --import-options import-show #{key_local_path} | grep '#{gpg_key_fingerprint_without_space}'" + only_if "gpg --dry-run --quiet --with-fingerprint #{key_local_path} | grep 'A4C0 B90D 7443 CF6E 4E8A A341 F106 8E14 E094 22B3' || gpg --dry-run --import --import-options import-show #{key_local_path} | grep 'A4C0B90D7443CF6E4E8AA341F1068E14E09422B3'" action :nothing end end @@ -128,51 +105,36 @@ end # Add YUM repository - yumrepo_gpgkeys = [] - if agent_major_version < 7 - yumrepo_gpgkeys.push(node['datadog']['yumrepo_gpgkey']) - else - rpm_gpg_keys.each do |rpm_gpg_key| - yumrepo_gpgkeys.push(node['datadog']["yumrepo_gpgkey_new_#{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}"]) - end - end - yum_repository 'datadog' do description 'datadog' baseurl baseurl proxy node['datadog']['yumrepo_proxy'] proxy_username node['datadog']['yumrepo_proxy_username'] proxy_password node['datadog']['yumrepo_proxy_password'] - gpgkey yumrepo_gpgkeys + gpgkey agent_major_version < 7 ? node['datadog']['yumrepo_gpgkey'] : node['datadog']['yumrepo_gpgkey_new'] gpgcheck true action :create end when 'suse' # Import new RPM key - rpm_gpg_keys.each do |rpm_gpg_key| - next unless node['datadog']["yumrepo_gpgkey_new_#{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}"] - + if node['datadog']['yumrepo_gpgkey_new'] # Download new RPM key - new_key_local_path = ::File.join(Chef::Config[:file_cache_path], rpm_gpg_key[rpm_gpg_keys_name]) - remote_file "remote_file_#{rpm_gpg_key[rpm_gpg_keys_name]}" do + new_key_local_path = ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_E09422B3.public') + remote_file 'DATADOG_RPM_KEY_E09422B3.public' do path new_key_local_path - source node['datadog']["yumrepo_gpgkey_new_#{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}"] - not_if "rpm -q gpg-pubkey-#{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}" # (key already imported) - notifies :run, "execute[rpm-import datadog key #{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}]", :immediately + source node['datadog']['yumrepo_gpgkey_new'] + not_if 'rpm -q gpg-pubkey-e09422b3' # (key already imported) + notifies :run, 'execute[rpm-import datadog key e09422b3]', :immediately end - # The fingerprint string has spaces in it, calculate one without space here - gpg_key_fingerprint_without_space = rpm_gpg_key[rpm_gpg_keys_full_fingerprint].delete(' ') - # Import key if fingerprint matches - execute "rpm-import datadog key #{rpm_gpg_key[rpm_gpg_keys_short_fingerprint]}" do + execute 'rpm-import datadog key e09422b3' do command "rpm --import #{new_key_local_path}" - only_if "gpg --dry-run --quiet --with-fingerprint #{new_key_local_path} | grep '#{rpm_gpg_key[rpm_gpg_keys_full_fingerprint]}' || gpg --dry-run --import --import-options import-show #{new_key_local_path} | grep '#{gpg_key_fingerprint_without_space}'" + only_if "gpg --dry-run --quiet --with-fingerprint #{new_key_local_path} | grep 'A4C0 B90D 7443 CF6E 4E8A A341 F106 8E14 E094 22B3' || gpg --dry-run --import --import-options import-show #{new_key_local_path} | grep 'A4C0B90D7443CF6E4E8AA341F1068E14E09422B3'" action :nothing end end - # Now the old key is mostly hard-coded old_key_local_path = ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY.public') remote_file 'DATADOG_RPM_KEY.public' do path old_key_local_path @@ -205,7 +167,7 @@ zypper_repository 'datadog' do description 'datadog' baseurl baseurl - gpgkey agent_major_version < 7 ? node['datadog']['yumrepo_gpgkey'] : node['datadog']["yumrepo_gpgkey_new_#{rpm_gpg_keys[0][rpm_gpg_keys_short_fingerprint]}"] + gpgkey agent_major_version < 7 ? node['datadog']['yumrepo_gpgkey'] : node['datadog']['yumrepo_gpgkey_new'] gpgautoimportkeys false gpgcheck false action :create diff --git a/spec/repository_spec.rb b/spec/repository_spec.rb index 7a6e63fe..9ad2eb64 100644 --- a/spec/repository_spec.rb +++ b/spec/repository_spec.rb @@ -14,18 +14,12 @@ expect(chef_run).to install_package('install-apt-transport-https') end - it 'sets up an apt repo with fingerprint A2923DFF56EDA6E76E55E492D3A80E30382E94DE' do - expect(chef_run).to add_apt_repository('datadog_apt_A2923DFF56EDA6E76E55E492D3A80E30382E94DE').with( + it 'sets up an apt repo' do + expect(chef_run).to add_apt_repository('datadog').with( key: ['A2923DFF56EDA6E76E55E492D3A80E30382E94DE'] ) end - it 'sets up an apt repo with fingerprint D75CEA17048B9ACBF186794B32637D44F14F620E' do - expect(chef_run).to add_apt_repository('datadog_apt_D75CEA17048B9ACBF186794B32637D44F14F620E').with( - key: ['D75CEA17048B9ACBF186794B32637D44F14F620E'] - ) - end - it 'removes the datadog-beta repo' do expect(chef_run).to remove_apt_repository('datadog-beta') end @@ -41,62 +35,35 @@ end.converge(described_recipe) end - # Key E09422B3 - it 'sets the yumrepo_gpgkey_new attribute E09422B3' do - expect(chef_run.node['datadog']['yumrepo_gpgkey_new_e09422b3']).to match( + it 'sets the yumrepo_gpgkey_new attribute' do + expect(chef_run.node['datadog']['yumrepo_gpgkey_new']).to match( /DATADOG_RPM_KEY_E09422B3.public/ ) end - it 'installs gnupg E09422B3' do + it 'installs gnupg' do expect(chef_run).to install_package('gnupg') if chef_run.node['packages']['gnupg2'].nil? end - it 'downloads the new RPM key E09422B3' do - expect(chef_run).to create_remote_file('remote_file_DATADOG_RPM_KEY_E09422B3.public').with(path: ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_E09422B3.public')) + it 'downloads the new RPM key' do + expect(chef_run).to create_remote_file('DATADOG_RPM_KEY_E09422B3.public').with(path: ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_E09422B3.public')) end - it 'notifies the GPG key install if a new one is downloaded E09422B3' do - keyfile_r = chef_run.remote_file('remote_file_DATADOG_RPM_KEY_E09422B3.public') + it 'notifies the GPG key install if a new one is downloaded' do + keyfile_r = chef_run.remote_file('DATADOG_RPM_KEY_E09422B3.public') expect(keyfile_r).to notify('execute[rpm-import datadog key e09422b3]') .to(:run).immediately end - it 'doesn\'t execute[rpm-import datadog key *] by default E09422B3' do + it 'doesn\'t execute[rpm-import datadog key e09422b3] by default' do keyfile_exec_r = chef_run.execute('rpm-import datadog key e09422b3') expect(keyfile_exec_r).to do_nothing end - # Key FD4BF915 (2020-09-08) - it 'sets the yumrepo_gpgkey_new attribute fd4bf915' do - expect(chef_run.node['datadog']['yumrepo_gpgkey_new_fd4bf915']).to match( - /DATADOG_RPM_KEY_20200908.public/ - ) - end - - it 'installs fd4bf915' do - expect(chef_run).to install_package('gnupg') if chef_run.node['packages']['gnupg2'].nil? - end - - it 'downloads the new RPM key fd4bf915' do - expect(chef_run).to create_remote_file('remote_file_DATADOG_RPM_KEY_20200908.public').with(path: ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_20200908.public')) - end - - it 'notifies the GPG key install if a new one is downloaded fd4bf915' do - keyfile_r = chef_run.remote_file('remote_file_DATADOG_RPM_KEY_20200908.public') - expect(keyfile_r).to notify('execute[rpm-import datadog key fd4bf915]') - .to(:run).immediately - end - - it 'doesn\'t execute[rpm-import datadog key *] by default fd4bf915' do - keyfile_exec_r = chef_run.execute('rpm-import datadog key fd4bf915') - expect(keyfile_exec_r).to do_nothing - end - # prefer HTTPS on boxes that support TLS1.2 - it 'sets up a yum repo E09422B3 and 20200908' do + it 'sets up a yum repo' do expect(chef_run).to create_yum_repository('datadog').with( - gpgkey: ['https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public', 'https://yum.datadoghq.com/DATADOG_RPM_KEY_20200908.public'] + gpgkey: 'https://yum.datadoghq.com/DATADOG_RPM_KEY_E09422B3.public' ) end end @@ -110,62 +77,35 @@ end.converge(described_recipe) end - # Key E09422B3 - it 'sets the yumrepo_gpgkey_new attribute E09422B3' do - expect(chef_run.node['datadog']['yumrepo_gpgkey_new_e09422b3']).to match( + it 'sets the yumrepo_gpgkey_new attribute' do + expect(chef_run.node['datadog']['yumrepo_gpgkey_new']).to match( /DATADOG_RPM_KEY_E09422B3.public/ ) end - it 'installs gnupg E09422B3' do + it 'installs gnupg' do expect(chef_run).to install_package('gnupg') if chef_run.node['packages']['gnupg2'].nil? end - it 'downloads the new RPM key E09422B3' do - expect(chef_run).to create_remote_file('remote_file_DATADOG_RPM_KEY_E09422B3.public').with(path: ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_E09422B3.public')) + it 'downloads the new RPM key' do + expect(chef_run).to create_remote_file('DATADOG_RPM_KEY_E09422B3.public').with(path: ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_E09422B3.public')) end - it 'notifies the GPG key install if a new one is downloaded E09422B3' do - keyfile_r = chef_run.remote_file('remote_file_DATADOG_RPM_KEY_E09422B3.public') + it 'notifies the GPG key install if a new one is downloaded' do + keyfile_r = chef_run.remote_file('DATADOG_RPM_KEY_E09422B3.public') expect(keyfile_r).to notify('execute[rpm-import datadog key e09422b3]') .to(:run).immediately end - it 'doesn\'t execute[rpm-import datadog key *] by default E09422B3' do + it 'doesn\'t execute[rpm-import datadog key e09422b3] by default' do keyfile_exec_r = chef_run.execute('rpm-import datadog key e09422b3') expect(keyfile_exec_r).to do_nothing end - # Key FD4BF915 (2020-09-08) - it 'sets the yumrepo_gpgkey_new attribute fd4bf915' do - expect(chef_run.node['datadog']['yumrepo_gpgkey_new_fd4bf915']).to match( - /DATADOG_RPM_KEY_20200908.public/ - ) - end - - it 'installs gnupg fd4bf915' do - expect(chef_run).to install_package('gnupg') if chef_run.node['packages']['gnupg2'].nil? - end - - it 'downloads the new RPM key fd4bf915' do - expect(chef_run).to create_remote_file('remote_file_DATADOG_RPM_KEY_20200908.public').with(path: ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_20200908.public')) - end - - it 'notifies the GPG key install if a new one is downloaded fd4bf915' do - keyfile_r = chef_run.remote_file('remote_file_DATADOG_RPM_KEY_20200908.public') - expect(keyfile_r).to notify('execute[rpm-import datadog key fd4bf915]') - .to(:run).immediately - end - - it 'doesn\'t execute[rpm-import datadog key *] by default fd4bf915' do - keyfile_exec_r = chef_run.execute('rpm-import datadog key fd4bf915') - expect(keyfile_exec_r).to do_nothing - end - # prefer HTTPS on boxes that support TLS1.2 it 'sets up a yum repo' do expect(chef_run).to create_yum_repository('datadog').with( - gpgkey: ['https://yum.datadoghq.com/DATADOG_RPM_KEY.public'] + gpgkey: 'https://yum.datadoghq.com/DATADOG_RPM_KEY.public' ) end end @@ -179,9 +119,8 @@ end.converge(described_recipe) end - # Key E09422B3 - it 'sets the yumrepo_gpgkey_new attribute E09422B3' do - expect(chef_run.node['datadog']['yumrepo_gpgkey_new_e09422b3']).to match( + it 'sets the yumrepo_gpgkey_new attribute' do + expect(chef_run.node['datadog']['yumrepo_gpgkey_new']).to match( /DATADOG_RPM_KEY_E09422B3.public/ ) end @@ -190,52 +129,26 @@ expect(chef_run).to install_package('gnupg') if chef_run.node['packages']['gnupg2'].nil? end - it 'downloads the new RPM key E09422B3' do - expect(chef_run).to create_remote_file('remote_file_DATADOG_RPM_KEY_E09422B3.public').with(path: ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_E09422B3.public')) + it 'downloads the new RPM key' do + expect(chef_run).to create_remote_file('DATADOG_RPM_KEY_E09422B3.public').with(path: ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_E09422B3.public')) end - it 'notifies the GPG key install if a new one is downloaded E09422B3' do - keyfile_r = chef_run.remote_file('remote_file_DATADOG_RPM_KEY_E09422B3.public') + it 'notifies the GPG key install if a new one is downloaded' do + keyfile_r = chef_run.remote_file('DATADOG_RPM_KEY_E09422B3.public') expect(keyfile_r).to notify('execute[rpm-import datadog key e09422b3]') .to(:run).immediately end - it 'doesn\'t execute[rpm-import datadog key *] by default E09422B3' do + it 'doesn\'t execute[rpm-import datadog key e09422b3] by default' do keyfile_exec_r = chef_run.execute('rpm-import datadog key e09422b3') expect(keyfile_exec_r).to do_nothing end - # Key FD4BF915 (2020-09-08) - it 'sets the yumrepo_gpgkey_new attribute fd4bf915' do - expect(chef_run.node['datadog']['yumrepo_gpgkey_new_fd4bf915']).to match( - /DATADOG_RPM_KEY_20200908.public/ - ) - end - - it 'installs gnupg' do - expect(chef_run).to install_package('gnupg') if chef_run.node['packages']['gnupg2'].nil? - end - - it 'downloads the new RPM key fd4bf915' do - expect(chef_run).to create_remote_file('remote_file_DATADOG_RPM_KEY_20200908.public').with(path: ::File.join(Chef::Config[:file_cache_path], 'DATADOG_RPM_KEY_20200908.public')) - end - - it 'notifies the GPG key install if a new one is downloaded fd4bf915' do - keyfile_r = chef_run.remote_file('remote_file_DATADOG_RPM_KEY_20200908.public') - expect(keyfile_r).to notify('execute[rpm-import datadog key fd4bf915]') - .to(:run).immediately - end - - it 'doesn\'t execute[rpm-import datadog key *] by default fd4bf915' do - keyfile_exec_r = chef_run.execute('rpm-import datadog key fd4bf915') - expect(keyfile_exec_r).to do_nothing - end - # RHEL5 has to use insecure HTTP due to lack of support for TLS1.2 # https://github.com/DataDog/chef-datadog/blob/v2.8.1/attributes/default.rb#L85-L91 it 'sets up a yum repo' do expect(chef_run).to create_yum_repository('datadog').with( - gpgkey: ['http://yum.datadoghq.com/DATADOG_RPM_KEY.public'] + gpgkey: 'http://yum.datadoghq.com/DATADOG_RPM_KEY.public' ) end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 26476691..307edf63 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -28,7 +28,6 @@ # recipes/repository.rb stub_command('rpm -q gpg-pubkey-e09422b3').and_return(false) - stub_command('rpm -q gpg-pubkey-fd4bf915').and_return(false) end Ohai::Config[:log_level] = :warn diff --git a/test/integration/dd-agent-handler5/serverspec/dd-agent_spec.rb b/test/integration/dd-agent-handler5/serverspec/dd-agent_spec.rb index f0209d44..d39a1474 100644 --- a/test/integration/dd-agent-handler5/serverspec/dd-agent_spec.rb +++ b/test/integration/dd-agent-handler5/serverspec/dd-agent_spec.rb @@ -20,13 +20,8 @@ its(:stdout) { should contain '382E94DE' } end -# The new RPM keys are imported +# The new RPM key is imported describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end - -describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do - its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } -end diff --git a/test/integration/dd-agent-handler6/serverspec/dd-agent_spec.rb b/test/integration/dd-agent-handler6/serverspec/dd-agent_spec.rb index d94f627e..7f87d532 100644 --- a/test/integration/dd-agent-handler6/serverspec/dd-agent_spec.rb +++ b/test/integration/dd-agent-handler6/serverspec/dd-agent_spec.rb @@ -20,13 +20,8 @@ its(:stdout) { should contain '382E94DE' } end -# The new RPM keys are imported +# The new RPM key is imported describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end - -describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do - its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } -end diff --git a/test/integration/dd-agent-handler7/serverspec/dd-agent_spec.rb b/test/integration/dd-agent-handler7/serverspec/dd-agent_spec.rb index d94f627e..7f87d532 100644 --- a/test/integration/dd-agent-handler7/serverspec/dd-agent_spec.rb +++ b/test/integration/dd-agent-handler7/serverspec/dd-agent_spec.rb @@ -20,13 +20,8 @@ its(:stdout) { should contain '382E94DE' } end -# The new RPM keys are imported +# The new RPM key is imported describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end - -describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do - its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } -end diff --git a/test/integration/dd-agent-iot/serverspec/dd-agent_spec.rb b/test/integration/dd-agent-iot/serverspec/dd-agent_spec.rb index 800d0676..ac169274 100644 --- a/test/integration/dd-agent-iot/serverspec/dd-agent_spec.rb +++ b/test/integration/dd-agent-iot/serverspec/dd-agent_spec.rb @@ -22,13 +22,8 @@ its(:stdout) { should contain '382E94DE' } end -# The new RPM keys are imported +# The new RPM key is imported describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end - -describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do - its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } -end diff --git a/test/integration/dd-agent/serverspec/dd-agent_spec.rb b/test/integration/dd-agent/serverspec/dd-agent_spec.rb index d94f627e..7f87d532 100644 --- a/test/integration/dd-agent/serverspec/dd-agent_spec.rb +++ b/test/integration/dd-agent/serverspec/dd-agent_spec.rb @@ -20,13 +20,8 @@ its(:stdout) { should contain '382E94DE' } end -# The new RPM keys are imported +# The new RPM key is imported describe command('rpm -q gpg-pubkey-e09422b3'), :if => os[:family] == 'redhat' do its(:exit_status) { should eq 0 } its(:stdout) { should contain 'gpg-pubkey-e09422b3' } end - -describe command('rpm -q gpg-pubkey-fd4bf915'), :if => os[:family] == 'redhat' do - its(:exit_status) { should eq 0 } - its(:stdout) { should contain 'gpg-pubkey-fd4bf915' } -end