  1. RHEL
  2. RHEL-126844

Ansible RPM module uses the GPG command which fails with a PQC key in RHEL 10.1


    • Bug
    • Resolution: Unresolved
    • rhel-10.1
    • ansible-core
    • AssignedTeam
    • rhel-sst-ccs
    • Known Issue
      .Ansible `rpm_key` modules fail to work with the OpenPGP v6 `RPM-GPG-KEY-redhat-release` key

      RHEL 10.1 uses the Red Hat RPM signing key extended with a post-quantum public key and stored in the `/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release` file in the OpenPGP v6 format. Because the Ansible `rpm_key` modules use the GnuPG tools, which cannot handle post-quantum keys and OpenPGP v6, the modules fail to work with this key.
    • Done

      What were you trying to do that didn't work?

      I was trying to import an RHEL 10.1 RPM release key with Ansible.

      What is the impact of this issue to you?

      The failed playbook aborts the whole configuration of security hardening through Ansible playbooks.

      Please provide the package NVR for which the bug is seen:

      ansible-core-2.16.14-1.el10.noarch.rpm

      How reproducible is this bug?:

      100%

      Steps to reproduce

      Described in https://issues.redhat.com/browse/RHELBLD-17502?focusedId=28404308&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-28404308

      Expected results

      The playbook is not aborted.

      Actual results

      The playbook is aborted.
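
The Known Issue text above says the key file is in the OpenPGP v6 format, which the GnuPG-based `rpm_key` modules cannot handle. As an added example (not code from this ticket, ansible-core or Red Hat), the following Python reads an armored key file and reports the version of each public-key packet, so a pre-flight check can tell whether a file holds v6 keys before a playbook reaches an `rpm_key` task. The function names are hypothetical and the sample keys are constructed header-only stubs, not real keys.

```python
import base64
import re

BEGIN, END = "-----BEGIN PGP PUBLIC KEY BLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----"
ARMOR = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)
KEY_TAGS = {6: "public-key", 14: "public-subkey"}

def dearmor(text):
    """Yield the binary packet stream of each armored public key block."""
    for block in ARMOR.finditer(text):
        # Drop armor headers ("Comment: ..."), blank lines and the "=XXXX" CRC line.
        lines = (l.strip() for l in block.group(1).splitlines())
        b64 = "".join(l for l in lines if l and ":" not in l and not l.startswith("="))
        yield base64.b64decode(b64)

def packets(data):
    """Walk an OpenPGP packet stream, yielding (tag, body) pairs."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # current packet format: 6-bit tag, then length octets
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body length not expected in a key file")
        else:  # legacy packet format: 4-bit tag, 2-bit length type
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:  # length type 3: body runs to the end of the data
                length = len(data) - i
            else:
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def key_versions(text):
    """Return (packet kind, key version) for every key packet in the file."""
    return [(KEY_TAGS[tag], body[0]) for stream in dearmor(text)
            for tag, body in packets(stream) if tag in KEY_TAGS and body]

def armor(raw):  # builds the constructed samples below
    return f"{BEGIN}\n\n{base64.b64encode(raw).decode()}\n{END}\n"
# Constructed header-only stubs, not real keys: one v6 packet, one legacy-framed v4.
SAMPLE = armor(bytes([0xC6, 0x01, 0x06])) + armor(bytes([0x99, 0x00, 0x01, 0x04]))
```

Passing the text of a key file to `key_versions` returns one entry per key packet; an entry with version 6 marks a key in the format the Known Issue describes.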

              dsavinea@redhat.com Dimitri Savineau
              vpolasek@redhat.com Vojtech Polasek
              Dimitri Savineau
              Dimitri Savineau Dimitri Savineau
              Matt Clay Matt Clay
              Mirek Jahoda Mirek Jahoda