Verify successful GPG imports

2023-10-19 13:37:35 -04:00 · 2023-10-19 13:37:35 -04:00 · 2354a8fb8c
commit 2354a8fb8c
parent 251a7c0dd5
1 changed files with 14 additions and 3 deletions
--- a/roles/base/tasks/system.yml
+++ b/roles/base/tasks/system.yml
@ -18,9 +18,20 @@
  when: root_gpgkeys is defined

 - name: Import GPG keys
-  command: "gpg --keyserver {{ item.server | default('keys.openpgp.org') }} --recv-key {{ item.id }}"
-  loop: "{{ root_gpgkeys }}"
-  when: root_gpgkeys is defined and gpg_check.results | map(attribute='rc') | list != [0]
+  command: "gpg --keyserver {{ item.0.server | default('keys.openpgp.org') }} --recv-key {{ item.0.id }}"
+  register: gpg_check_import
+  loop: "{{ root_gpgkeys | zip(gpg_check.results) | list }}"
+  loop_control:
+    label: "{{ item.0.id }}"
+  when: root_gpgkeys is defined and item.1.rc != 0
+
+- name: Check GPG key imports
+  fail:
+    msg: "{{ item.stderr }}"
+  loop: "{{ gpg_check_import.results }}"
+  loop_control:
+    label: "{{ item.item.0.id }}"
+  when: (item.skipped | default(false) == false) and ('imported' not in item.stderr)

 - name: Install NTPsec
  ansible.builtin.apt: