Check key fingerprints

DataDog · Mar 2, 2023 · 607dd30 · 607dd30
1 parent 0599495
commit 607dd30
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -88,10 +88,10 @@ datadog_yum_gpgcheck: yes
 datadog_yum_gpgkey_current: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY_CURRENT.public"
 # this key expires in 2022
 datadog_yum_gpgkey_e09422b3: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY_E09422B3.public"
-datadog_yum_gpgkey_e09422b3_sha256sum: "694a2ffecff85326cc08e5f1a619937999a5913171e42f166e13ec802c812085"
+datadog_yum_gpgkey_e09422b3_fingerprint: "A4C0B90D7443CF6E4E8AA341F1068E14E09422B3"
 # this key expires in 2024
 datadog_yum_gpgkey_20200908: "https://s3.amazonaws.com/public-signing-keys/DATADOG_RPM_KEY_FD4BF915.public"
-datadog_yum_gpgkey_20200908_sha256sum: "4d16c598d3635086762bd086074140d947370077607db6d6395b8523d5c23a7d"
+datadog_yum_gpgkey_20200908_fingerprint: "C6559B690CA882F023BDF3F63F4D1729FD4BF915"
 # Default zypper repo and keys
 
 # By default, we fail early & print a helpful message if an older Ansible version and Python 3

diff --git a/tasks/pkg-redhat.yml b/tasks/pkg-redhat.yml
@@ -34,12 +34,14 @@
 - name: Import new RPM key (Expires in 2022)
   rpm_key:
     key: "{{ datadog_yum_gpgkey_e09422b3 }}"
+    fingerprint: "{{ datadog_yum_gpgkey_e09422b3_fingerprint }}"
     state: present
   when: not ansible_check_mode
 
 - name: Import new RPM key (Expires in 2024)
   rpm_key:
     key: "{{ datadog_yum_gpgkey_20200908 }}"
+    fingerprint: "{{ datadog_yum_gpgkey_20200908_fingerprint }}"
     state: present
   when: not ansible_check_mode