f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
862 B
---id: V-71977 status: implemented tag: packages ---
On Ubuntu systems, the tasks check for the
AllowUnauthenticated string anywhere in the apt
configuration files found within /etc/apt/apt.conf.d/. If
the string is found, a warning is printed on the console.
On CentOS 7 systems, the tasks set the gpgcheck option
to 1 in the /etc/yum.conf file. This enables
GPG checks for all packages installed with yum.
On openSUSE Leap systems, the tasks set the gpgcheck
option to 1 in the /etc/zypp/zypp.conf file.
This enables GPG checks for all packages installed with
zypper.
Setting security_enable_gpgcheck_packages to
no will skip the AllowUnauthenticated string
check on Ubuntu and it will set gpgcheck=0 in
/etc/yum.conf or /etc/zypp/zypp.conf on CentOS
and openSUSE Leap systems respectively.