From 13889a5878f66cff417e9303b254d34255de5b4b Mon Sep 17 00:00:00 2001
From: Paul Belanger
Date: Fri, 25 Aug 2017 13:26:50 -0400
Subject: [PATCH] Remove GPG public key for sign-artifacts role

This is actually a noop for gpg, since the private key also contains the public.

Change-Id: I60d4ebf0f3343911986a4e6c46a806539cda701b
Signed-off-by: Paul Belanger
---
 roles/sign-artifacts/README.rst | 10 +++-------
 roles/sign-artifacts/tasks/main.yaml | 19 -------------------
 2 files changed, 3 insertions(+), 26 deletions(-)
diff --git a/roles/sign-artifacts/README.rst b/roles/sign-artifacts/README.rst
index 72bd2f82b..65ebf7cd7 100644
--- a/roles/sign-artifacts/README.rst
+++ b/roles/sign-artifacts/README.rst
@@ -4,13 +4,9 @@ Sign artifacts
 .. zuul:rolevar:: gpg_key
- Complex argument which contains the GPG public and secret keyrings
- for signing the artifacts. It is expected that this argument comes
- from a `Secret`.
-
- .. zuul:rolevar:: public
-
- The ascii-armored contents of the GPG public key.
+ Complex argument which contains the GPG private key for signing
+ the artifacts. It is expected that this argument comes from a
+ `Secret`.
 .. zuul:rolevar:: private
diff --git a/roles/sign-artifacts/tasks/main.yaml b/roles/sign-artifacts/tasks/main.yaml
index 704a38644..32c6c083c 100644
--- a/roles/sign-artifacts/tasks/main.yaml
+++ b/roles/sign-artifacts/tasks/main.yaml
@@ -22,25 +22,6 @@
 path: "{{ gpg_private_key_tmp.path }}"
 state: absent
-- name: Create GPG public key tempfile
- tempfile:
- state: file
- register: gpg_public_key_tmp
-
-- name: Create GPG public key
- copy:
- content: "{{ gpg_key.public }}"
- dest: "{{ gpg_public_key_tmp.path }}"
- mode: 0400
-
-- name: Import GPG public key
- command: "gpg --homedir {{ gnupg_tmpdir.path }} --import {{ gpg_public_key_tmp.path }}"
-
-- name: Delete GPG public key
- file:
- path: "{{ gpg_public_key_tmp.path }}"
- state: absent
-
 - name: Find files to sign
 find:
 paths: "{{ gpg_sign_path }}"