New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[dnf] ensure packages are gpg-verified #71539
Merged
relrod
merged 1 commit into
ansible:stable-2.10
from
relrod:nda/backport/2.10/modules/dnf/gpg-verify
Aug 31, 2020
Merged
[dnf] ensure packages are gpg-verified #71539
relrod
merged 1 commit into
ansible:stable-2.10
from
relrod:nda/backport/2.10/modules/dnf/gpg-verify
Aug 31, 2020
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Change: - By default the dnf API does not gpg-verify packages. This is a feature that is executed in its CLI code. It never made it into Ansible's usage of the API, so packages were previously not verified. - This fixes CVE-2020-14365. Test Plan: - New integration tests Signed-off-by: Rick Elrod <rick@elrod.me>
ansibot
added
affects_2.10
This issue/PR affects Ansible v2.10
backport
This PR does not target the devel branch.
bug
This issue/PR relates to a bug.
core_review
In order to be merged, this PR must follow the core review workflow.
module
This issue/PR relates to a module.
needs_triage
Needs a first human triage before being processed.
packaging
Packaging category
support:community
This issue/PR relates to code supported by the Ansible community.
support:core
This issue/PR relates to code supported by the Ansible Engineering Team.
labels
Aug 31, 2020
relrod
added a commit
to relrod/ansible
that referenced
this pull request
Sep 4, 2020
Change: - This was a breaking change (security fix), but I neglected to add a porting guide entry for it previously. Tickets: - Refs ansible#71537 - Refs ansible#71539 - Refs ansible#71540 - Refs ansible#71541 Signed-off-by: Rick Elrod <rick@elrod.me>
samccann
pushed a commit
that referenced
this pull request
Sep 15, 2020
* [docs] add porting guide for DNF GPG validation Change: - This was a breaking change (security fix), but I neglected to add a porting guide entry for it previously. Tickets: - Refs #71537 - Refs #71539 - Refs #71540 - Refs #71541 Signed-off-by: Rick Elrod <rick@elrod.me> * changes from sivel Signed-off-by: Rick Elrod <rick@elrod.me>
samccann
pushed a commit
to samccann/ansible
that referenced
this pull request
Sep 21, 2020
* [docs] add porting guide for DNF GPG validation Change: - This was a breaking change (security fix), but I neglected to add a porting guide entry for it previously. Tickets: - Refs ansible#71537 - Refs ansible#71539 - Refs ansible#71540 - Refs ansible#71541 Signed-off-by: Rick Elrod <rick@elrod.me> * changes from sivel Signed-off-by: Rick Elrod <rick@elrod.me> (cherry picked from commit 7a38c47)
acozine
pushed a commit
that referenced
this pull request
Sep 21, 2020
* Fix typo in the documentation (#71701) Fix typo in the documentation: casting instead of casing (cherry picked from commit 1a06587) * Add how to run unit test link in testing_units_modules doc (#71523) * Add how to run unit test link in testing_units_modules * Fix sanity test (cherry picked from commit 7a0e545) * Fix typo in delveloping_plugins_network (#71737) (cherry picked from commit 4bf61f0) * Fix broken bullet list (#71728) (cherry picked from commit 00ed5b1) * vmware: Add docs for filters (#71670) Add a scenario guide for filters in VMware documentation Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> (cherry picked from commit 7603343) * [docs] add porting guide for DNF GPG validation (#71640) * [docs] add porting guide for DNF GPG validation Change: - This was a breaking change (security fix), but I neglected to add a porting guide entry for it previously. Tickets: - Refs #71537 - Refs #71539 - Refs #71540 - Refs #71541 Signed-off-by: Rick Elrod <rick@elrod.me> * changes from sivel Signed-off-by: Rick Elrod <rick@elrod.me> (cherry picked from commit 7a38c47) * Fixed invalid urls inside guide_packet.rst and collections_using.rst (#71705) * Fixed invalid urls inside guide_packet.rst and collections_using.rst * Reverted fix for collections_using.rst (cherry picked from commit c36e939) * Update EXAMPLES in package_facts.py documentation (#71838) this module is not limited to rpm , so remove rpm in tasks name (cherry picked from commit 7f62b47) * change duplicated label (cherry picked from commit bcfead8) Co-authored-by: Guillaume Vincent <guillaume@oslab.fr> Co-authored-by: Amin Vakil <info@aminvakil.com> Co-authored-by: Shufeng <fenghhk@gmail.com> Co-authored-by: Evaristo Rojas <evaristo.rojas@islas.org.mx> Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com> Co-authored-by: Rick Elrod <rick@elrod.me> Co-authored-by: Shounak <25407872+shounak1@users.noreply.github.com> Co-authored-by: roumano <roumano@gmail.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
affects_2.10
This issue/PR affects Ansible v2.10
backport
This PR does not target the devel branch.
bug
This issue/PR relates to a bug.
core_review
In order to be merged, this PR must follow the core review workflow.
module
This issue/PR relates to a module.
packaging
Packaging category
support:community
This issue/PR relates to code supported by the Ansible community.
support:core
This issue/PR relates to code supported by the Ansible Engineering Team.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Backport of #71537
Change:
that is executed in its CLI code. It never made it into Ansible's
usage of the API, so packages were previously not verified.
Test Plan:
Signed-off-by: Rick Elrod rick@elrod.me
ISSUE TYPE
COMPONENT NAME
dnf