From fa1b08830a0d4f57d2293cbb2c1438f9795b0f4c Mon Sep 17 00:00:00 2001 From: Kevin Fairise <132568982+KevinFairise2@users.noreply.github.com> Date: Mon, 17 Jul 2023 13:39:40 +0200 Subject: [PATCH 1/2] Revert "Import RPM keys directly from URL (#475)" This reverts commit 8c3e2a9aee6abfc66cf9654ad1d1d24b9a917ac2. --- tasks/pkg-redhat.yml | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/tasks/pkg-redhat.yml b/tasks/pkg-redhat.yml index 927c8ad9..4cf2a5f8 100644 --- a/tasks/pkg-redhat.yml +++ b/tasks/pkg-redhat.yml @@ -24,21 +24,39 @@ ) else 'yes' ) }} +- name: Download current RPM key + get_url: + url: "{{ datadog_yum_gpgkey_current }}" + dest: /tmp/DATADOG_RPM_KEY_CURRENT.public + force: yes + - name: Import current RPM key rpm_key: - key: "{{ datadog_yum_gpgkey_current }}" + key: /tmp/DATADOG_RPM_KEY_CURRENT.public state: present when: not ansible_check_mode +- name: Download new RPM key (Expires in 2022) + get_url: + url: "{{ datadog_yum_gpgkey_e09422b3 }}" + dest: /tmp/DATADOG_RPM_KEY_E09422B3.public + checksum: "sha256:{{ datadog_yum_gpgkey_e09422b3_sha256sum }}" + - name: Import new RPM key (Expires in 2022) rpm_key: - key: "{{ datadog_yum_gpgkey_e09422b3 }}" + key: /tmp/DATADOG_RPM_KEY_E09422B3.public state: present when: not ansible_check_mode +- name: Download new RPM key (Expires in 2024) + get_url: + url: "{{ datadog_yum_gpgkey_20200908 }}" + dest: /tmp/DATADOG_RPM_KEY_20200908.public + checksum: "sha256:{{ datadog_yum_gpgkey_20200908_sha256sum }}" + - name: Import new RPM key (Expires in 2024) rpm_key: - key: "{{ datadog_yum_gpgkey_20200908 }}" + key: /tmp/DATADOG_RPM_KEY_20200908.public state: present when: not ansible_check_mode From 25d4021eee0275b34305143f93b36cad49d9bb15 Mon Sep 17 00:00:00 2001 From: Kevin Fairise Date: Mon, 17 Jul 2023 14:05:14 +0200 Subject: [PATCH 2/2] Fix lint and key 2028 import --- tasks/pkg-redhat.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) 
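Review bot: The `Download current RPM key` task has no `checksum:` and sets `force: yes`, so on every run whatever `datadog_yum_gpgkey_current` serves is written to `/tmp/DATADOG_RPM_KEY_CURRENT.public` and then imported by `rpm_key` as a trusted signing key, whereas the 2022 and 2024 downloads in the same hunk are pinned with `sha256:`. If the current key cannot be pinned (presumably because it rotates), say so on the task, e.g. `# No checksum: this URL tracks the rotating current key, so integrity depends on the transport to that URL`. The three `dest:` paths are also fixed names in world-writable `/tmp`; a directory that only root can write to would remove any dependence on what already exists at those paths. The URL variables are defined outside this hunk, so whether they point at HTTPS endpoints cannot be confirmed from here.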
diff --git a/tasks/pkg-redhat.yml b/tasks/pkg-redhat.yml index 4cf2a5f8..687c7f67 100644 --- a/tasks/pkg-redhat.yml +++ b/tasks/pkg-redhat.yml @@ -28,7 +28,8 @@ get_url: url: "{{ datadog_yum_gpgkey_current }}" dest: /tmp/DATADOG_RPM_KEY_CURRENT.public - force: yes + mode: 600 + force: true - name: Import current RPM key rpm_key: @@ -40,6 +41,7 @@ get_url: url: "{{ datadog_yum_gpgkey_e09422b3 }}" dest: /tmp/DATADOG_RPM_KEY_E09422B3.public + mode: 600 checksum: "sha256:{{ datadog_yum_gpgkey_e09422b3_sha256sum }}" - name: Import new RPM key (Expires in 2022) @@ -52,6 +54,7 @@ get_url: url: "{{ datadog_yum_gpgkey_20200908 }}" dest: /tmp/DATADOG_RPM_KEY_20200908.public + mode: 600 checksum: "sha256:{{ datadog_yum_gpgkey_20200908_sha256sum }}" - name: Import new RPM key (Expires in 2024) @@ -60,9 +63,16 @@ state: present when: not ansible_check_mode +- name: Download new RPM key (Expires in 2028) + get_url: + url: "{{ datadog_yum_gpgkey_20280418 }}" + dest: /tmp/DATADOG_RPM_KEY_20280418.public + mode: 600 + checksum: "sha256:{{ datadog_yum_gpgkey_20280418_sha256sum }}" + - name: Import new RPM key (Expires in 2028) rpm_key: - key: "{{ datadog_yum_gpgkey_20280418 }}" + key: /tmp/DATADOG_RPM_KEY_20280418.public state: present when: not ansible_check_mode
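Review bot: `mode: 600` in the `Download current RPM key` task is an unquoted YAML integer, which Ansible takes as decimal 600 (octal 1130) rather than `rw-------`, so the downloaded key file ends up with the sticky bit, owner execute-only and group write/execute instead of owner read/write. The same line is added to the 2022, 2024 and 2028 download tasks in the following hunks. Write it as a quoted octal string in all four places: `mode: "0600"`.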