git module verifies signatures after the repo has already been updated #75609
Labels
affects_2.10: This issue/PR affects Ansible v2.10
bug: This issue/PR relates to a bug.
module: This issue/PR relates to a module.
needs_verified: This issue needs to be verified/reproduced by maintainer
P3: Priority 3 - Approved, No Time Limitation
support:core: This issue/PR relates to code supported by the Ansible Engineering Team.
Summary
I would expect that if some changes are not signed, ansible would leave my working copy unchanged at the last verified version.
Instead, since verify_commit_sign is called at the end of all operations, even if it fails, working copies will have been updated. This may mean that a failed playbook might cause production code to get updated to an untrusted/unverified version. Depending on setups, that may have serious consequences.
Issue Type
Bug Report
Component Name
git
Ansible Version
Configuration
OS / Environment
Debian Bullseye
Steps to Reproduce
It will make a checkout. If a checkout of an earlier commit in main is already present, it will update it to the last commit in main.
Expected Results
I would expect that if a signature fails to verify, nothing is changed in the filesystem.
Actual Results
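The ordering the report asks for (verify first, then move the working copy) can be reproduced with plain git commands until the module does it itself. The tasks below are an added example, not code from the issue or from the Ansible project. They assume the repository is already cloned at /srv/app with a remote named origin and a branch named main, and that the public keys of the permitted signers are in the keyring of the user Ansible runs as on the target host; all of those are assumptions.

```yaml
# Added example: fetch, verify the signature of the fetched commit, and only
# then fast-forward the working copy. A failed verification stops the play
# before anything in /srv/app changes.
- name: Fetch main without touching the working copy
  ansible.builtin.command:
    cmd: git fetch origin main
    chdir: /srv/app          # assumed path
  changed_when: false

- name: Verify the signature of the fetched commit
  # git verify-commit exits non-zero for a missing, bad or untrusted
  # signature, so the play fails here and the next task never runs.
  ansible.builtin.command:
    cmd: git verify-commit FETCH_HEAD
    chdir: /srv/app
  changed_when: false

- name: Fast-forward the working copy only after verification succeeded
  ansible.builtin.command:
    cmd: git merge --ff-only FETCH_HEAD
    chdir: /srv/app
  register: ff
  changed_when: ff.stdout is not search('Already up.to.date')
```

Like verify_commit in the module, this checks only the signature of the commit being deployed, not every commit between the current and the new HEAD; --ff-only also refuses to merge if the local branch has diverged, so the working copy is never rewritten silently.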