Skip to content

Add GPG verification, default to latest, and CI#1

Closed
tobixen wants to merge 4 commits intomainfrom
feature/gpg-verification-and-latest-version
Closed

Add GPG verification, default to latest, and CI#1
tobixen wants to merge 4 commits intomainfrom
feature/gpg-verification-and-latest-version

Conversation

@tobixen
Copy link
Owner

@tobixen tobixen commented Dec 31, 2025

Summary

  • GPG signature verification: Downloads are verified using the official AWS CLI public key before installation (enabled by default)
  • Default to latest version: The version parameter now defaults to 'latest' for automatic updates
  • Ubuntu support: Added explicit support for Ubuntu 20.04 and 24.04
  • Fork attribution: Updated README and metadata with fork information
  • CI: Added rspec-puppet tests and GitHub Actions workflow

Changes

Security

  • Add AWS CLI GPG public key (files/aws-cli-public-key.asc)
  • Download and verify .sig file before extraction
  • New verify_signature parameter (defaults to true)
  • Requires gpg and unzip when verification is enabled

Usability

  • version parameter now optional, defaults to 'latest'
  • Uses non-versioned download URL when 'latest'
  • Always attempts upgrade when 'latest' (installer handles idempotency)

Metadata

  • Module renamed to tobixen-awscli2
  • Added Ubuntu 20.04, 24.04 and RedHat 8, 9 support
  • Extended Puppet version requirement to < 9.0.0
  • Version bumped to 0.4.0

Testing

  • Added rspec-puppet tests
  • GitHub Actions CI running puppet-lint and spec tests on Puppet 7 and 8

Test plan

  • CI passes (puppet-lint + rspec)
  • Manual test on Ubuntu 24.04 with default parameters
  • Manual test with verify_signature => false
  • Manual test with specific version

🤖 Generated with Claude Code

tobixen and others added 4 commits December 31, 2025 09:49
@tobixen @claude
Add GPG signature verification for AWS CLI installer
865853a 
Verify the GPG signature of downloaded AWS CLI packages using the
official AWS CLI public key, as recommended in the AWS documentation.

- Add AWS CLI public key (files/aws-cli-public-key.asc)
- Add verify_signature parameter (defaults to true)
- Download signature file and verify before extraction
- Use isolated gpg keyring to avoid affecting user's keyring
- Requires gpg and unzip packages when verification is enabled
- Fall back to direct extraction when verification is disabled

See: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@tobixen @claude
Default version to 'latest' for automatic updates
5a4f25a 
Change version parameter from required to optional, defaulting to
'latest' which always installs/upgrades to the latest available
AWS CLI version.

- Use non-versioned download URL when version is 'latest'
- Always attempt upgrade when version is 'latest' (installer handles idempotency)
- Skip old version cleanup when using 'latest' (version unknown at compile time)
- Update documentation with new default behavior and examples

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@tobixen @claude
Fork attribution and metadata updates
d82e592 
- Rename module to tobixen-awscli2
- Update author, source, project_page, and issues_url
- Add Ubuntu 20.04 and 24.04 to supported operating systems
- Expand RedHat support to versions 7, 8, 9
- Bump Puppet requirement to support Puppet 8
- Add fork attribution with link to original umd/awscli2 module
- Document fork changes in README

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@tobixen @claude
Add rspec-puppet tests and GitHub Actions CI
36d8cf0 
Add comprehensive spec tests for the awscli2 module:
- Test default parameters with 'latest' version
- Test GPG signature verification (enabled by default)
- Test verify_signature => false option
- Test specific version installation
- Test custom install_dir and bin_dir parameters
- Test ensure => absent for uninstall

CI configuration:
- Run puppet-lint for code style checking
- Run rspec-puppet tests on Puppet 7 and 8
- Use appropriate Ruby versions for each Puppet version

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@tobixen tobixen force-pushed the feature/gpg-verification-and-latest-version branch from f25e761 to 36d8cf0 Compare December 31, 2025 13:14
@tobixen tobixen closed this Jan 3, 2026
@tobixen tobixen deleted the feature/gpg-verification-and-latest-version branch January 3, 2026 01:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tobixen