diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml
index 8080f0c6ced3..750852c52a4f 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml
@@ -40,13 +40,27 @@
{{% endif %}}
-- name: "{{{ rule_title }}}: Set Fact - Valid fingerprints"
+{{% if "rhel" in families and major_version_ordinal >= 10 %}}
+- name: "{{{ rule_title }}}: Set Fact - Valid fingerprints (without PQC)"
+ ansible.builtin.set_fact:
+ gpg_valid_fingerprints:
+ - "{{{ release_key_fingerprint }}}"
+ - "{{{ auxiliary_key_fingerprint }}}"
+ when: ansible_distribution_version is version('10.1', '<')
+
+- name: "{{{ rule_title }}}: Set Fact - Valid fingerprints (with PQC)"
ansible.builtin.set_fact:
gpg_valid_fingerprints:
- "{{{ release_key_fingerprint }}}"
- "{{{ auxiliary_key_fingerprint }}}"
-{{% if "rhel" in families and major_version_ordinal >= 10 %}}
- "{{{ pqc_key_fingerprint }}}"
+ when: ansible_distribution_version is version('10.1', '>=')
+{{% else %}}
+- name: "{{{ rule_title }}}: Set Fact - Valid fingerprints"
+ ansible.builtin.set_fact:
+ gpg_valid_fingerprints:
+ - "{{{ release_key_fingerprint }}}"
+ - "{{{ auxiliary_key_fingerprint }}}"
{{% endif %}}
- name: "{{{ rule_title }}}: Import RedHat GPG key"
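Review bot: The fingerprint allowlist is now written out three times (pre-10.1, 10.1 and later, and the non-RHEL-10 branch), so a later key rotation has to touch every copy, and a missed one would leave a stale fingerprint trusted on one path only. Setting the two common fingerprints once and appending the PQC fingerprint in a second task guarded by the same `when` keeps a single source for the base list. Whether the build-time `{{{ }}}` macro expands inside a runtime `{{ }}` expression as sketched below should be confirmed against the project's Jinja delimiters. The "Import RedHat GPG key" task that consumes this fact continues outside the hunk.

```yaml
- name: "{{{ rule_title }}}: Set Fact - Valid fingerprints"
  ansible.builtin.set_fact:
    gpg_valid_fingerprints:
      - "{{{ release_key_fingerprint }}}"
      - "{{{ auxiliary_key_fingerprint }}}"

{{% if "rhel" in families and major_version_ordinal >= 10 %}}
- name: "{{{ rule_title }}}: Set Fact - Add PQC fingerprint on 10.1 and later"
  ansible.builtin.set_fact:
    gpg_valid_fingerprints: "{{ gpg_valid_fingerprints + ['{{{ pqc_key_fingerprint }}}'] }}"
  when: ansible_distribution_version is version('10.1', '>=')
{{% endif %}}
# … unchanged: Import RedHat GPG key task …
```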
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh
index 53931cd4009d..5fdb792b79cd 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh
@@ -25,13 +25,16 @@ then
# No CRC error, safe to proceed
if [ "${GPG_RESULT}" -eq "0" ]
then
+ # If $REDHAT_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it
{{% if "rhel" in families and major_version_ordinal >= 10 %}}
- echo "${GPG_OUT[*]}" | grep -vE "${REDHAT_RELEASE_FINGERPRINT}|${REDHAT_AUXILIARY_FINGERPRINT}|${REDHAT_PQC_FINGERPRINT}" || {
+ if {{{ bash_os_linux_conditional("rhel", expected_ver="10.1", op=">=") | trim }}}
+ then
+ echo "${GPG_OUT[*]}" | grep -vE "${REDHAT_RELEASE_FINGERPRINT}|${REDHAT_AUXILIARY_FINGERPRINT}|${REDHAT_PQC_FINGERPRINT}" || rpm --import "${REDHAT_RELEASE_KEY}"
+ else
+ echo "${GPG_OUT[*]}" | grep -vE "${REDHAT_RELEASE_FINGERPRINT}|${REDHAT_AUXILIARY_FINGERPRINT}" || rpm --import "${REDHAT_RELEASE_KEY}"
+ fi
{{% else %}}
- echo "${GPG_OUT[*]}" | grep -vE "${REDHAT_RELEASE_FINGERPRINT}|${REDHAT_AUXILIARY_FINGERPRINT}" || {
+ echo "${GPG_OUT[*]}" | grep -vE "${REDHAT_RELEASE_FINGERPRINT}|${REDHAT_AUXILIARY_FINGERPRINT}" || rpm --import "${REDHAT_RELEASE_KEY}"
{{% endif %}}
- # If $REDHAT_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it
- rpm --import "${REDHAT_RELEASE_KEY}"
- }
fi
fi
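Review bot: All three new `grep -vE` lines still read from `echo "${GPG_OUT[*]}"`, which joins the array into one line using the first character of IFS. IFS is set outside this hunk; unless it is a newline at this point, a single known fingerprint makes `grep -v` discard the whole line and `rpm --import` runs even when the key file also holds a fingerprint that is not on the list. Emitting one fingerprint per line makes the check apply to each key, e.g. `printf '%s\n' "${GPG_OUT[@]}" | grep -vE "${REDHAT_RELEASE_FINGERPRINT}|${REDHAT_AUXILIARY_FINGERPRINT}" || rpm --import "${REDHAT_RELEASE_KEY}"`, with the PQC fingerprint added to the pattern in the 10.1 branch. The enclosing `if` blocks and the assignment of `GPG_OUT` start outside the hunk.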
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
index 6871feba83b3..52461f678900 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
@@ -13,8 +13,13 @@
{{% if "rhel" in families and major_version_ordinal >= 10 %}}
-
+
+
+
+
+
+
+
{{% endif %}}
{{%- if centos_major_version %}}
@@ -88,5 +93,22 @@
{{%- endif %}}
+{{% if "rhel" in families and major_version_ordinal >= 10 %}}
+
+
+
+
+
+
+ /etc/os-release
+ ^VERSION_ID=["']?([\w.]+)["']?$
+ 1
+
+
+
+ 10.1
+
+{{% endif %}}
+
{{% endif %}}
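Review bot: The state that compares the captured `VERSION_ID` with `10.1` needs `datatype="version"` rather than a string or float comparison, and the XML markup of this hunk did not survive on the page, so that attribute cannot be checked here. With a float comparison `10.10` collapses to `10.1`, and with a string comparison ordering between minor releases is lexical, so the PQC fingerprint could be required or skipped on the wrong releases. It is also worth confirming that this check, the Ansible `ansible_distribution_version` test and the Bash `bash_os_linux_conditional` call agree on systems where `VERSION_ID` has no minor component. A short XML comment next to the new object, such as `<!-- PQC key fingerprint is only expected from RHEL 10.1 on -->`, would record why the cutoff exists.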