Merge pull request #14596 from ggbecker/fix-sq-command-not-found

Guard SQ inspect command for RHEL>=10.1 only

Author: Mab879

linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml

@@ -19,6 +19,16 @@
   failed_when: False
   check_mode: no
   register: gpg_fingerprints
+  when: ansible_distribution_version is version('10.1', '>=')
+
+- name: "{{{ rule_title }}}: Read signatures in GPG key"
+  # According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10
+  ansible.builtin.command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+  changed_when: False
+  register: gpg_fingerprints
+  failed_when: False
+  check_mode: no
+  when: ansible_distribution_version is version('10.1', '<')
 
 - name: "{{{ rule_title }}}: Set Fact - Installed GPG Fingerprints (sq format)"
   ansible.builtin.set_fact:

linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh

@@ -17,7 +17,12 @@ then
   # If they are safe, try to obtain fingerprints from the key file
   # (to ensure there won't be e.g. CRC error).
 {{% if "rhel" in families  and major_version_ordinal >= 10 %}}
-  readarray -t GPG_OUT < <(sq inspect "$REDHAT_RELEASE_KEY" | grep Fingerprint: | cut -d ":" -f 2)
+    if {{{ bash_os_linux_conditional("rhel", expected_ver="10.1", op=">=") | trim }}}
+    then
+      readarray -t GPG_OUT < <(sq inspect "$REDHAT_RELEASE_KEY" | grep Fingerprint: | cut -d ":" -f 2)
+    else
+      readarray -t GPG_OUT < <(gpg --show-keys --with-fingerprint --with-colons "$REDHAT_RELEASE_KEY" | grep -A1 "^pub" | grep "^fpr" | cut -d ":" -f 10)
+    fi
 {{% else %}}
   readarray -t GPG_OUT < <(gpg --show-keys --with-fingerprint --with-colons "$REDHAT_RELEASE_KEY" | grep -A1 "^pub" | grep "^fpr" | cut -d ":" -f 10)
 {{% endif %}}