From c1c3a372d74a4520a9954bca3248a1c2d1a3f276 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Wed, 9 Jan 2019 00:26:14 +0100 Subject: [PATCH] Allow setting a custom apt and rpm signing key host (#84) * Allow setting a custom apt and rpm signing key host * Change default fallback key to https * Use facts to determine which signing key to use * Add single quotes --- README.md | 5 ++++- defaults/main.yml | 4 ++++ tasks/keys/apt-key.yml | 6 +++++- tasks/keys/rpm-key.yml | 6 +++++- 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index bc60429..442a456 100644 --- a/README.md +++ b/README.md @@ -184,6 +184,10 @@ nginx_type: opensource # Default is nginx_repository. nginx_install_from: nginx_repository +# Choose where to fetch the NGINX signing key from. +# Default is the official NGINX signing key host. +nginx_signing_key: https://nginx.org/keys/nginx_signing.key + # Specify source repository for NGINX Open Source. # Only works if 'install_from' is set to 'nginx_repository'. # Defaults are the official NGINX repositories. @@ -364,7 +368,6 @@ nginx_http_template: # Enable creating dynamic templated NGINX stream configuration files. nginx_stream_template_enable: false nginx_stream_template_listen: 12345 - ``` Dependencies diff --git a/defaults/main.yml b/defaults/main.yml index a7db8f8..122adf0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -17,6 +17,10 @@ nginx_type: opensource # Default is nginx_repository. nginx_install_from: nginx_repository +# Choose where to fetch the NGINX signing key from. +# Default is the official NGINX signing key host. +nginx_signing_key: http://nginx.org/keys/nginx_signing.key + # Specify source repository for NGINX Open Source. # Only works if 'install_from' is set to 'nginx_repository'. # Defaults are the official NGINX repositories. diff --git a/tasks/keys/apt-key.yml b/tasks/keys/apt-key.yml index a52bbe0..0153940 100644 --- a/tasks/keys/apt-key.yml +++ b/tasks/keys/apt-key.yml @@ -1,4 +1,8 @@ --- +- name: "(Install: APT OSs) Set APT NGINX Signing Key URL" + set_fact: + keysite: "{{ nginx_signing_key | default('http://nginx.org/keys/nginx_signing.key') }}" + - name: "(Install: APT OSs) Add APT NGINX Signing Key" apt_key: - url: "{{ 'http://nginx.org/keys/nginx_signing.key' | default('https://nginx.org/keys/nginx_signing.key') }}" + url: "{{ keysite | default('https://nginx.org/keys/nginx_signing.key') }}" diff --git a/tasks/keys/rpm-key.yml b/tasks/keys/rpm-key.yml index d1b0531..e3356c5 100644 --- a/tasks/keys/rpm-key.yml +++ b/tasks/keys/rpm-key.yml @@ -1,4 +1,8 @@ --- +- name: "(Install: RPM OSs) Set RPM NGINX Signing Key URL" + set_fact: + keysite: "{{ nginx_signing_key | default('http://nginx.org/keys/nginx_signing.key') }}" + - name: "(Install: RPM OSs) Add RPM NGINX Signing Key" rpm_key: - key: "{{ 'http://nginx.org/keys/nginx_signing.key' | default('https://nginx.org/keys/nginx_signing.key') }}" + key: "{{ keysite | default('https://nginx.org/keys/nginx_signing.key') }}"