From 6803e42e1055ccf1e726125190b75040301e9bab Mon Sep 17 00:00:00 2001
From: Major Hayden
Date: Mon, 29 Feb 2016 14:15:29 -0600
Subject: [PATCH] Security: Check for grub.cfg first

As noted in bug 1550426, the tasks for grub.cfg will fail if the file is not present. This patch checks for the grub.cfg and only tries to make changes if the file is present.

Closes-bug: 1550426
Change-Id: Id5368dfa2c24d555c59f9ceef4676f3d15706ad9
---
 tasks/boot.yml | 9 +++++++++
 tests/test.yml | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/tasks/boot.yml b/tasks/boot.yml
index 3a752ae6..3b0ee0ce 100644
--- a/tasks/boot.yml
+++ b/tasks/boot.yml
@@ -13,6 +13,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Check to see if grub.cfg exists
+ stat:
+ path: /boot/grub/grub.cfg
+ register: grub_cfg
+ always_run: True
+
 - name: V-38579 - Bootloader configuration files must be owned by root
 file:
 path: /boot/grub/grub.cfg
@@ -21,6 +27,7 @@
 - boot
 - cat2
 - V-38579
+ when: grub_cfg.stat.exists

 - name: V-38581 - Bootloader configuration files must be group-owned by root
 file:
@@ -30,6 +37,7 @@
 - boot
 - cat2
 - V-38581
+ when: grub_cfg.stat.exists

 - name: V-38582 - Bootloader configuration files must have mode 0644 or less
 file:
@@ -39,3 +47,4 @@
 - boot
 - cat2
 - V-38582
+ when: grub_cfg.stat.exists
diff --git a/tests/test.yml b/tests/test.yml
index 942f6409..246c9018 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -15,5 +15,9 @@

 - name: Playbook for role testing
 hosts: localhost
+ pre_tasks:
+ - name: Ensure apt cache is updated before testing
+ apt:
+ update_cache: yes
 roles:
 - role: "{{ rolename }}"
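Review bot: The new stat task hard-codes `/boot/grub/grub.cfg`, the same literal the V-38579 task uses and presumably the other two `file` tasks as well. A host that keeps its GRUB configuration elsewhere (GRUB 2 on RHEL-family systems uses `/boot/grub2/grub.cfg`) therefore registers `exists: false`, and none of the ownership or mode controls is applied. Moving the path into one role variable, referenced by the stat task and by each `file` task, keeps them in step and lets an operator point the role at the real file. `always_run: True` is what keeps `grub_cfg` defined in check mode, so I would add a comment such as `# read-only stat; must also run in check mode so the when: conditions below can evaluate`. The V-38579 task continues outside this hunk.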
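Review bot: With `when: grub_cfg.stat.exists` on V-38579, and likewise on V-38581 and V-38582 in the next two hunks, a missing file turns three STIG controls into silent skips, which in a hardening run is easy to read as compliant. I would add one task after the stat that reports the gap, so the skipped controls show up in the play output and can be followed up. Each of the three `file` tasks starts outside its hunk, so their other arguments are not visible here.

```yaml
# … unchanged: "Check to see if grub.cfg exists" stat task …
- name: Report that the bootloader permission checks were skipped
  debug:
    msg: "/boot/grub/grub.cfg not found; V-38579, V-38581 and V-38582 were not applied"
  when: not grub_cfg.stat.exists
```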
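Review bot: The `apt` pre-task in tests/test.yml is unconditional, so on a host without apt the test playbook fails before the role under test runs. Guarding it with `when: ansible_pkg_mgr == 'apt'` keeps the test usable on other platforms. The boolean is better written `update_cache: true`, since `yes` is a boolean only under YAML 1.1 rules; the same applies to `always_run: True` in tasks/boot.yml.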