openstack/openstack-ansible-lxc_hosts
Code Issues Proposed changes

Do not install post-quantum GPG keys

Browse Source 
At the moment rpm_key fails to process PQC GPG keys while attempting
to check if gpg is installed [1].

Thus, rpm_key needs to start running sequoia instead of gnupg to verify
PQ keys.

Until then, we avoid importing PQC keys.

[1] https://github.com/ansible/ansible/blob/69afa45880c9c03009b178632dccc7c0ffc5b5fa/lib/ansible/modules/rpm_key.py#L240

Change-Id: If176d905411869b55ff1751659f5e46963c9f037
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
This commit is contained in:
Dmitriy Rabotyagov
2026-01-08 00:05:31 +01:00
parent f9fbada7ea
commit 2e07ee0992
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
templates/prep-scripts/redhat_prep.sh.j2
+5 -1
View File
@@ -6,7 +6,11 @@ set -e -x
{% include 'templates/prep-scripts/_container_sys_setup.sh.j2' %}
if [[ -d "/etc/pki/rpm-gpg" ]]; then
rpm --import /etc/pki/rpm-gpg/* || true
for key in /etc/pki/rpm-gpg/*; do
if [[ "${key}" != *-PQC ]]; then
rpm --import "${key}" || true
fi
done
fi
# The containers do not need the LXC repository (only hosts need it).