sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs(environment): document RPM GPG policy relaxation

Browse Source
This commit is contained in:
Sandwich
2026-02-20 20:19:57 +01:00
parent 19f2c9efe2
commit 0a5c70e49f
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/environment/tasks/main.yml
View File

@@ -205,6 +205,10 @@
opts: "ro,loop" opts: "ro,loop"
state: mounted state: mounted
# Security note: RPM Sequoia signature policy is relaxed to allow
# bootstrapping RHEL-family distros from the Arch ISO, where the
# host rpm/dnf does not trust target distro GPG keys. Package
# integrity is verified by the target system's own rpm after reboot.
- name: Relax RPM Sequoia signature policy for RHEL bootstrap - name: Relax RPM Sequoia signature policy for RHEL bootstrap
when: is_rhel | bool when: is_rhel | bool
ansible.builtin.copy: ansible.builtin.copy: