Do not enforce repo_gpgcheck in guestpolicies (#305)

GoogleCloudPlatform · Apr 2, 2021 · a63de3e · a63de3e
1 parent 6388e36
commit a63de3e
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 10 deletions.
diff --git a/e2e_tests/utils/utils.go b/e2e_tests/utils/utils.go
@@ -29,6 +29,7 @@ import (
 
 var (
 	yumInstallAgent = `
+sed -i 's/repo_gpgcheck=1/repo_gpgcheck=0/g' /etc/yum.repos.d/google-cloud.repo
 sleep 10
 systemctl stop google-osconfig-agent
 stop -q -n google-osconfig-agent  # required for EL6

diff --git a/policies/yum.go b/policies/yum.go
@@ -36,14 +36,12 @@ func yumRepositories(ctx context.Context, repos []*agentendpointpb.YumRepository
 		baseurl=https://repo1-url
 		enabled=1
 		gpgcheck=1
-		repo_gpgcheck=1
 		gpgkey=http://repo1-url/gpg
 		[repo2]
 		display_name=repo2-name
 		baseurl=https://repo2-url
 		enabled=1
 		gpgcheck=1
-		repo_gpgcheck=1
 	*/
 	var buf bytes.Buffer
 	buf.WriteString("# Repo file managed by Google OSConfig agent\n")
@@ -55,7 +53,7 @@ func yumRepositories(ctx context.Context, repos []*agentendpointpb.YumRepository
 			buf.WriteString(fmt.Sprintf("name=%s\n", repo.DisplayName))
 		}
 		buf.WriteString(fmt.Sprintf("baseurl=%s\n", repo.BaseUrl))
-		buf.WriteString("enabled=1\ngpgcheck=1\nrepo_gpgcheck=1\n")
+		buf.WriteString("enabled=1\ngpgcheck=1\n")
 		if len(repo.GpgKeys) > 0 {
 			buf.WriteString(fmt.Sprintf("gpgkey=%s\n", repo.GpgKeys[0]))
 			for _, k := range repo.GpgKeys[1:] {

diff --git a/policies/yum_test.go b/policies/yum_test.go
@@ -57,15 +57,15 @@ func TestYumRepositories(t *testing.T) {
 			[]*agentendpointpb.YumRepository{
 				{BaseUrl: "http://repo1-url/", Id: "id"},
 			},
-			"# Repo file managed by Google OSConfig agent\n\n[id]\nname=id\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\n",
+			"# Repo file managed by Google OSConfig agent\n\n[id]\nname=id\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\n",
 		},
 		{
 			"2 repos",
 			[]*agentendpointpb.YumRepository{
 				{BaseUrl: "http://repo1-url/", Id: "id1", DisplayName: "displayName1", GpgKeys: []string{"https://url/key"}},
 				{BaseUrl: "http://repo1-url/", Id: "id2", DisplayName: "displayName2", GpgKeys: []string{"https://url/key1", "https://url/key2"}},
 			},
-			"# Repo file managed by Google OSConfig agent\n\n[id1]\nname=displayName1\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=https://url/key\n\n[id2]\nname=displayName2\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=https://url/key1\n       https://url/key2\n",
+			"# Repo file managed by Google OSConfig agent\n\n[id1]\nname=displayName1\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\ngpgkey=https://url/key\n\n[id2]\nname=displayName2\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\ngpgkey=https://url/key1\n       https://url/key2\n",
 		},
 	}
 

diff --git a/policies/zypper.go b/policies/zypper.go
@@ -36,14 +36,12 @@ func zypperRepositories(ctx context.Context, repos []*agentendpointpb.ZypperRepo
 		baseurl=https://repo1-url
 		enabled=1
 		gpgcheck=1
-		repo_gpgcheck=1
 		gpgkey=http://repo1-url/gpg
 		[repo2]
 		display_name=repo2-name
 		baseurl=https://repo2-url
 		enabled=1
 		gpgcheck=1
-		repo_gpgcheck=1
 	*/
 	var buf bytes.Buffer
 	buf.WriteString("# Repo file managed by Google OSConfig agent\n")
@@ -55,7 +53,7 @@ func zypperRepositories(ctx context.Context, repos []*agentendpointpb.ZypperRepo
 			buf.WriteString(fmt.Sprintf("name=%s\n", repo.DisplayName))
 		}
 		buf.WriteString(fmt.Sprintf("baseurl=%s\n", repo.BaseUrl))
-		buf.WriteString("enabled=1\ngpgcheck=1\nrepo_gpgcheck=1\n")
+		buf.WriteString("enabled=1\ngpgcheck=1\n")
 		if len(repo.GpgKeys) > 0 {
 			buf.WriteString(fmt.Sprintf("gpgkey=%s\n", repo.GpgKeys[0]))
 			for _, k := range repo.GpgKeys[1:] {

diff --git a/policies/zypper_test.go b/policies/zypper_test.go
@@ -57,15 +57,15 @@ func TestZypperRepositories(t *testing.T) {
 			[]*agentendpointpb.ZypperRepository{
 				{BaseUrl: "http://repo1-url/", Id: "id"},
 			},
-			"# Repo file managed by Google OSConfig agent\n\n[id]\nname=id\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\n",
+			"# Repo file managed by Google OSConfig agent\n\n[id]\nname=id\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\n",
 		},
 		{
 			"2 repos",
 			[]*agentendpointpb.ZypperRepository{
 				{BaseUrl: "http://repo1-url/", Id: "id1", DisplayName: "displayName1", GpgKeys: []string{"https://url/key"}},
 				{BaseUrl: "http://repo1-url/", Id: "id2", DisplayName: "displayName2", GpgKeys: []string{"https://url/key1", "https://url/key2"}},
 			},
-			"# Repo file managed by Google OSConfig agent\n\n[id1]\nname=displayName1\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=https://url/key\n\n[id2]\nname=displayName2\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=https://url/key1\n       https://url/key2\n",
+			"# Repo file managed by Google OSConfig agent\n\n[id1]\nname=displayName1\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\ngpgkey=https://url/key\n\n[id2]\nname=displayName2\nbaseurl=http://repo1-url/\nenabled=1\ngpgcheck=1\ngpgkey=https://url/key1\n       https://url/key2\n",
 		},
 	}