fingerprint check

dkirilenko · Apr 9, 2019 · 521340f · 521340f
1 parent 22025a6
commit 521340f
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 9 deletions.
diff --git a/.kitchen.aws.yml b/.kitchen.aws.yml
@@ -29,14 +29,14 @@ verifier:
   name: inspec
 
 platforms:
-#  - name: ubuntu-16.04
-#    transport:
-#      username: ubuntu
+  - name: ubuntu-16.04
+    transport:
+      username: ubuntu
   - name: ubuntu-18.04
     transport:
       username: ubuntu
-#  - name: centos-7
-#  - name: fedora-29
+  - name: centos-7
+  - name: fedora-29
 
 suites:
   - name: default

diff --git a/libraries/agent_installer_helpers.rb b/libraries/agent_installer_helpers.rb
@@ -29,10 +29,9 @@ def verify_installer(args)
             }
 
       code_linux =<<-'EOC'
-        fingerprint="$(gpg --with-colons --import-options import-show --import "$GPG_FILE" | grep '^fpr' | cut -d':' -f10)"
-        test $? -ne 0 &&\
-          echo 'ERROR: could not retrieve key from gpg file' &&\
-            exit 1
+        gpg --import "$GPG_FILE" 2>&1
+        key="Amazon CloudWatch Agent"
+        fingerprint="$(gpg --with-colons --fixed-list-mode --with-fingerprint --list-keys $key | grep fpr | cut -d':' -f10)"
 
         test "$fingerprint" != "$EXPECTED_FINGERPRINT" &&\
           echo "ERROR: fingerprint '$fingerprint' does not match the expected: '$EXPECTED_FINGERPRINT'" &&\