PE-19086 Change extend gpg key to ignore gpg key warnings (#47)

The extended GPG-key for PE 2015.2 -> 2016.1.2 has expired. Rather then continue to update it every few months, lets just enable the older versions of PE that are installed on debian systems to ignore gpg-key warnings. We will still have testing coverage of the gpg-key on debian systems via fresh installs of PE and testing upgrades from PE 2016.2.0 and newer.
puppetlabs · Jan 6, 2017 · 45d907e · 45d907e
1 parent 3cefad2
commit 45d907e
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 31 deletions.
diff --git a/lib/beaker-pe/install/pe_utils.rb b/lib/beaker-pe/install/pe_utils.rb
@@ -380,10 +380,10 @@ def do_install hosts, opts = {}
             hosts_agent_only, hosts_not_agent_only = [], hosts.dup
           end
 
-          # On July 8th, 2016, the GPG key used to sign repos inside PE tarballs
-          # expired. Add a temporary, extended key to the host first so that it
-          # can still install those old PE tarballs.
-          add_extended_gpg_key_to_hosts(hosts, opts)
+          # On January 5th, 2017, the extended GPG key has expired. Rather then
+          # every few months updating this gem to point to a new key for PE versions
+          # less then PE 2016.4.0 we are going to just ignore the warning when installing
+          ignore_gpg_key_warning_on_hosts(hosts, opts)
 
           # Set PE distribution for all the hosts, create working dir
           prepare_hosts(hosts_not_agent_only, opts)
@@ -620,21 +620,17 @@ def install_via_msi?(host)
           (host['platform'] =~ /windows/ && (version_is_less(host['pe_ver'], '2016.4.0') && !version_is_less(host['pe_ver'], '3.99'))) || (host['platform'] =~ /windows-2008r2/ && (version_is_less(host['pe_ver'], '2016.4.3') && !version_is_less(host['pe_ver'], '3.99')))
         end
 
-        # On July 8th, 2016, the gpg key that was shipped and used to sign repos in
-        # PE tarballs expired. This affects all PE version earlier then 3.8.5, and
-        # versions between 2015.2 to 2016.1.2.
-        #
-        # PE 3.8.5 and 2016.1.2 shipped with a version of the key that had it's
-        # expiration date extended by 6 months (to Janurary 2017).
-        def add_extended_gpg_key_to_hosts(hosts, opts)
+        # For PE 3.8.5 to PE 2016.1.2 they have an expired gpg key. This method is
+        # for deb nodes to ignore the gpg-key expiration warning
+        def ignore_gpg_key_warning_on_hosts(hosts, opts)
           hosts.each do |host|
             # RPM based platforms do not seem to be effected by an expired GPG key,
             # while deb based platforms are failing.
             if host['platform'] =~ /debian|ubuntu/
               host_ver = host['pe_ver'] || opts['pe_ver']
 
-              if version_is_less(host_ver, '3.8.5') || (!version_is_less(host_ver, '2015.2.0') && version_is_less(host_ver, '2016.1.2'))
-                on(host, 'curl http://apt.puppetlabs.com/DEB-GPG-KEY-puppetlabs | apt-key add -')
+              if version_is_less(host_ver, '3.8.7') || (!version_is_less(host_ver, '2015.2.0') && version_is_less(host_ver, '2016.4.0'))
+                on(host, "echo 'APT { Get { AllowUnauthenticated \"1\"; }; };' >> /etc/apt/apt.conf")
               end
             end
           end

diff --git a/spec/beaker-pe/install/pe_utils_spec.rb b/spec/beaker-pe/install/pe_utils_spec.rb
@@ -476,8 +476,8 @@ def slice_installer_options(host)
     end
   end
 
-  describe 'add_extended_gpg_key_to_hosts' do
-    let(:on_cmd) { 'curl http://apt.puppetlabs.com/DEB-GPG-KEY-puppetlabs | apt-key add -' }
+  describe 'ignore_gpg_key_warning_on_hosts' do
+    let(:on_cmd) { "echo 'APT { Get { AllowUnauthenticated \"1\"; }; };' >> /etc/apt/apt.conf" }
     let(:deb_host) do
       host = hosts.first
       host['platform'] = 'debian'
@@ -493,57 +493,57 @@ def slice_installer_options(host)
 
       it 'does nothing on el platforms' do
         expect(subject).not_to receive(:on).with(hosts[0], on_cmd)
-        subject.add_extended_gpg_key_to_hosts(hosts, opts)
+        subject.ignore_gpg_key_warning_on_hosts(hosts, opts)
       end
 
-      it 'installs key on debian based platforms' do
+      it 'adds in apt ignore gpg-key warning' do
         expect(subject).to receive(:on).with(hosts[1], on_cmd)
         expect(subject).to receive(:on).with(hosts[2], on_cmd)
-        subject.add_extended_gpg_key_to_hosts(hosts, opts)
+        subject.ignore_gpg_key_warning_on_hosts(hosts, opts)
       end
     end
 
     context 'mixed pe_versions' do
       before(:each) do
         hosts[0]['platform'] = 'debian'
-        hosts[0]['pe_ver'] = '2016.2.0'
+        hosts[0]['pe_ver'] = '2016.4.0'
         hosts[1]['platform'] = 'debian'
         hosts[1]['pe_ver'] = '3.8.4'
       end
 
-      it 'adds key to required hosts' do
+      it 'adds apt gpg-key ignore to required hosts' do
         expect(subject).not_to receive(:on).with(hosts[0], on_cmd)
         expect(subject).to receive(:on).with(hosts[1], on_cmd)
-        subject.add_extended_gpg_key_to_hosts(hosts, opts)
+        subject.ignore_gpg_key_warning_on_hosts(hosts, opts)
       end
     end
 
-    context 'PE versions earlier than 3.8.5' do
-      ['3.3.2', '3.7.3', '3.8.2'].each do |pe_ver|
-        it "Adds key on PE #{pe_ver}" do
+    context 'PE versions earlier than 3.8.7' do
+      ['3.3.2', '3.7.3', '3.8.2', '3.8.4', '3.8.5', '3.8.6'].each do |pe_ver|
+        it "Adds apt gpg-key ignore on PE #{pe_ver}" do
           deb_host['pe_ver'] = pe_ver
           expect(subject).to receive(:on).with(deb_host, on_cmd)
-          subject.add_extended_gpg_key_to_hosts(hosts, opts)
+          subject.ignore_gpg_key_warning_on_hosts(hosts, opts)
         end
       end
     end
 
-    context 'PE versions between 2015.2.0 and 2016.1.1' do
-      ['2015.2.0', '2015.3.1', '2016.1.1'].each do |pe_ver|
-        it "Adds key on PE #{pe_ver}" do
+    context 'PE versions between 2015.2.0 and 2016.2.1' do
+      ['2015.2.0', '2015.3.1', '2016.1.2', '2016.2.1'].each do |pe_ver|
+        it "Adds apt gpg-key ignore on PE #{pe_ver}" do
           deb_host['pe_ver'] = pe_ver
           expect(subject).to receive(:on).with(deb_host, on_cmd)
-          subject.add_extended_gpg_key_to_hosts(hosts, opts)
+          subject.ignore_gpg_key_warning_on_hosts(hosts, opts)
         end
       end
     end
 
-    ['3.8.5', '3.8.6', '2016.1.2', '2016.2.0'].each do |pe_ver|
+    ['2016.4.0', '2016.5.1', '2017.1.0'].each do |pe_ver|
       context "PE #{pe_ver}" do
         it 'does nothing' do
           deb_host['pe_ver'] = pe_ver
           expect(subject).not_to receive(:on).with(deb_host, on_cmd)
-          subject.add_extended_gpg_key_to_hosts(hosts, opts)
+          subject.ignore_gpg_key_warning_on_hosts(hosts, opts)
         end
       end
     end