Add GPG signature verification to adoptium binary downloads #2908

Closed
3 tasks done
Haroon-Khel opened this issue Jan 31, 2023 · 7 comments
Labels: ansible, secure-dev (Issues specific to SSDF/SLSA compliance work)

Comments

@Haroon-Khel (Contributor) commented Jan 31, 2023

Follow on from #2233

  • The download of the adoptium and azul binaries needs signature verification
  • Add sig verification features to windows playbook
  • Add sig verification features to AIX playbook
@Haroon-Khel (Contributor, Author) commented:

A bit of a problem on AIX. I've installed GnuPG2

Name        : gnupg2
Arch        : ppc
Version     : 2.2.35
Release     : 1
Size        : 34 M
Repo        : installed
From repo   : AIX_Toolbox
Summary     : A GNU utility for secure communication and data storage.
URL         : https://www.gnupg.org
License     : GPLv3+
Description : GnuPG is GNU's tool for secure communication and data storage.  It can
            : be used to encrypt data and to create digital signatures.  It includes
            : an advanced key management facility and is compliant with the proposed
            : OpenPGP Internet standard as described in RFC2440 and the S/MIME
            : standard as described by several RFCs.
            : 
            : GnuPG 2.0 is a newer version of GnuPG with additional support for
            : S/MIME.  It has a different design philosophy that splits
            : functionality up into several modules.
            : 
            : This package includes support for smart cards and S/MIME encryption
            : and signing.

I get the following error when trying to import keys:

root@adopt10:[/root]gpg --keyserver keyserver.ubuntu.com --recv-keys A2115AE15F6B8B72
gpg: keyserver receive failed: A file or directory in the path name does not exist.

A lot of solutions claim the error lies in /etc/resolve.conf. I've added Google's DNS server to /etc/resolve.conf and still no luck.

@aixtools Any advice on GnuPG on AIX?

@Haroon-Khel (Contributor, Author) commented:

#2999 is ready for review. In it I've added verification for JDK downloads made in the unix playbook.

@sxa sxa added the secure-dev Issues specific to SSDF/SLSA compliance work label Mar 21, 2023
@Haroon-Khel (Contributor, Author) commented:

Re Windows: the script Ansible module is supported for Windows, but it looks like it doesn't work as well as it does on Linux. If I purposely try to crash the package_signature_verification.sh, Ansible won't report a failure, so that's not good. I'll have to write the verification steps as single tasks then, or bind them into a role and import the role for every download.

@sxa (Member) commented Apr 5, 2023

> If I purposely try to crash the package_signature_verification.sh,

Hmm - is the script returning a non-zero error code in that situation outside ansible? I'm surprised it's acting differently, and it would definitely be preferable to try and avoid using a different process on UNIX vs Windows if we can.

@Haroon-Khel (Contributor, Author) commented:

TASK [ANT : GPG Signature Verification of ANT] **********************************************************************************************************************************************************************
changed: [13.68.134.204] => {"changed": true, "rc": 0, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

This was the output, using the script Ansible module, which is supposed to work on Windows according to the docs. It should say FAILED but it isn't cooperating.

At the moment I have reconstructed the script as an Ansible role, #3018, which looks to be working well.
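
Both problems in this thread, the keyserver fetch failing on AIX and the `script` module on Windows not surfacing a non-zero exit from package_signature_verification.sh, can be avoided by expressing the check as ordinary tasks that run on every platform. The task list below is an added example written for this page; it is not the infrastructure repo's own role from #3018. The variable names `artifact_url`, `artifact_sig_url`, `pubkey_url`, `signing_key_fingerprint` and `workdir` are assumptions, as is the presence of `gpg` on the target's PATH (GnuPG on Linux/AIX, Gpg4win on Windows) and an already-existing `workdir`. It imports the publisher key from a file fetched over HTTPS, so no keyserver lookup is involved, and it pins the verifying key by fingerprint rather than trusting gpg's exit code alone.

```yaml
# Added example (not the adoptium infrastructure repo's own role).
# Assumed caller-supplied variables: artifact_url, artifact_sig_url, pubkey_url,
# signing_key_fingerprint (40-hex fingerprint of the key that makes the
# signatures), workdir (existing directory on the target).
# Assumed tool: gpg on the target's PATH.

- name: Define what to fetch
  ansible.builtin.set_fact:
    sigcheck_downloads:
      - { url: "{{ artifact_url }}",     name: "artifact.bin" }
      - { url: "{{ artifact_sig_url }}", name: "artifact.bin.sig" }
      - { url: "{{ pubkey_url }}",       name: "publisher.asc" }

- name: Download artifact, detached signature and publisher key (Linux / AIX)
  ansible.builtin.get_url:
    url: "{{ item.url }}"
    dest: "{{ workdir }}/{{ item.name }}"
    mode: "0644"
  loop: "{{ sigcheck_downloads }}"
  when: ansible_os_family != "Windows"

- name: Download artifact, detached signature and publisher key (Windows)
  ansible.windows.win_get_url:
    url: "{{ item.url }}"
    dest: "{{ workdir }}\\{{ item.name }}"
  loop: "{{ sigcheck_downloads }}"
  when: ansible_os_family == "Windows"

# Import the key from a file fetched over HTTPS rather than from a keyserver,
# so no hkp/hkps lookup (the path that failed on AIX above) is needed.
- name: Import publisher key (Linux / AIX)
  ansible.builtin.command:
    argv: ["gpg", "--batch", "--import", "{{ workdir }}/publisher.asc"]
  changed_when: false
  when: ansible_os_family != "Windows"

- name: Import publisher key (Windows)
  ansible.windows.win_command: gpg --batch --import "{{ workdir }}\publisher.asc"
  changed_when: false
  when: ansible_os_family == "Windows"

# --status-fd 1 makes gpg print machine-readable "[GNUPG:] ..." lines on stdout.
# An exit code of 0 only means "a valid signature from some key in the keyring",
# so the task also requires a VALIDSIG line naming the expected key.
- name: Verify detached signature (Linux / AIX)
  ansible.builtin.command:
    argv: ["gpg", "--batch", "--status-fd", "1", "--verify",
           "{{ workdir }}/artifact.bin.sig", "{{ workdir }}/artifact.bin"]
  register: sigcheck_result
  changed_when: false
  failed_when: >-
    sigcheck_result.rc != 0 or
    sigcheck_result.stdout is not search('VALIDSIG ' ~ signing_key_fingerprint)
  when: ansible_os_family != "Windows"

- name: Verify detached signature (Windows)
  ansible.windows.win_command: >-
    gpg --batch --status-fd 1 --verify
    "{{ workdir }}\artifact.bin.sig" "{{ workdir }}\artifact.bin"
  register: sigcheck_result_win
  changed_when: false
  failed_when: >-
    sigcheck_result_win.rc != 0 or
    sigcheck_result_win.stdout is not search('VALIDSIG ' ~ signing_key_fingerprint)
  when: ansible_os_family == "Windows"
```

Two details matter when adapting this. First, the `failed_when` expression is what turns a bad signature into a red task on both Linux and Windows; `command` and `win_command` always report the real return code, which is the behaviour the `script` module was not delivering above. Second, the first field of gpg's `VALIDSIG` status line is the fingerprint of the key that actually produced the signature, which for many publishers is a signing subkey rather than the primary key, so `signing_key_fingerprint` must be that subkey's fingerprint (the primary key's fingerprint appears as the last field of the same line if you would rather match on that).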

@sxa (Member) commented Apr 5, 2023

To be clear, the failure was indeed happening on the alpine host you referenced within the mac job, which is what's making me confused - and that's the one that was giving the error message :-)

15:36:34 Running on test-docker-alpine313-aarch64-1 in /home/jenkins/workspace/Test_openjdk8_hs_extended.openjdk_x86-64_mac
[Pipeline] {
[Pipeline] cleanWs
[Pipeline] echo
15:36:34 Exception: java.nio.file.FileSystemException: /home/jenkins/workspace/Test_openjdk8_hs_extended.openjdk_x86-64_mac: No space left on device

@Haroon-Khel (Contributor, Author) commented:

This can be closed.
