From 42408a97ea428a0e2d1480da75a4051d82a3fb69 Mon Sep 17 00:00:00 2001 From: Andreas Olsson Date: Sun, 2 Jul 2017 06:44:14 +0200 Subject: [PATCH] Correct doc about the Git module verify_commit param All that is required to verify the signature is that the matching public key is present in the remote user's keyring. There is no need for GnuPG to explicitly trust the authenticity of the key. Not Ansible specific, but rather the behavior of the `git verify-commit` and the `git verify-tag` command line invocations. --- lib/ansible/modules/source_control/git.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ansible/modules/source_control/git.py b/lib/ansible/modules/source_control/git.py index 8ed88fac35c..3624c135a39 100644 --- a/lib/ansible/modules/source_control/git.py +++ b/lib/ansible/modules/source_control/git.py @@ -183,7 +183,7 @@ options: - if C(yes), when cloning or checking out a C(version) verify the signature of a GPG signed commit. This requires C(git) version>=2.1.0 to be installed. The commit MUST be signed and the public key MUST - be trusted in the GPG trustdb. + be present in the GPG keyring. archive: required: false