fix: workaround newer gnupg & insights-core/insights-client

It looks like gnupg as available in Fedora 39 and newer does not validate anymore signatures in case their key is not part of the current keyring (which is what insights-client does). Since the way both insights-core and insights-client validate GPG signatures is being reworked/improved [1][2], add a crude workaround on Fedora 39+. [1] RedHatInsights/insights-core#3930 [2] RedHatInsights#154 Signed-off-by: Pino Toscano <[email protected]>
ptoscano · Dec 8, 2023 · 4e3da34 · 4e3da34
1 parent e613b63
commit 4e3da34
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/systemtest/tests/integration/test.sh b/systemtest/tests/integration/test.sh
@@ -2,6 +2,17 @@
 set -eu
 set -x
 
+. /etc/os-release
+if test "${ID}" = fedora -a ${VERSION_ID} -ge 39; then
+  # HACK
+  # on newer gnupg import the key to the local keyring; this will be solved
+  # once both insights-core and insights-client are fixed to not rely on
+  # root's .gnupg directory:
+  # - https://github.com/RedHatInsights/insights-core/pull/3930
+  # - https://github.com/RedHatInsights/insights-client/pull/154
+  gpg --import /etc/insights-client/redhattools.pub.gpg
+fi
+
 # get to project root
 cd ../../../