Commit c2b1d1f4 authored by Kristian Klausen's avatar Kristian Klausen 🎉
Browse files

aurweb: Verify the commit is signed with Kevin's PGP key

parent 0eb112c6
......@@ -9,6 +9,7 @@ aurweb_git_dir: "{{ aurweb_dir }}/aur.git"
aurweb_git_hook: '/usr/local/bin/aurweb-git-update'
aurweb_nginx_conf: '/etc/nginx/nginx.d/aurweb.conf'
aurweb_version: 'live'
aurweb_pgp_keys: ['0F985B6F99B6686854C44EC3F7E46DED420788F3']
aurweb_db: 'aur'
aurweb_db_host: 'localhost'
......
......@@ -32,11 +32,21 @@
- name: Create directory
file: path={{ aurweb_dir }} state=directory owner={{ aurweb_user }} group=http mode=0775
- name: receive valid signing keys
command: /usr/bin/gpg --keyserver keys.openpgp.org --recv {{ item }}
loop: '{{ aurweb_pgp_keys }}'
become: true
become_user: "{{ aurweb_user }}"
register: gpg
changed_when: "gpg.rc == 0"
- name: clone aurweb repo
git: >
repo={{ aurweb_repository }}
dest="{{ aurweb_dir }}"
version={{ aurweb_version }}
verify_commit: true
gpg_whitelist: '{{ aurweb_pgp_keys }}'
become: true
become_user: "{{ aurweb_user }}"
register: release
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment