From 03750708710b2e44a7ffa068c65f969ae4ed51f1 Mon Sep 17 00:00:00 2001
From: Maxim Masiutin
Date: Wed, 28 Apr 2021 08:27:38 +0200
Subject: [PATCH] Binary GnuPG keys downloaded via URLs by the 'ansible.builtin.apt_key' module were corrupted so 'gpg' could not import them (https://github.com/ansible/ansible/issues/74424)
---
.../74474-apt_key-gpg-binary-import.yaml | 3 +++
lib/ansible/modules/apt_key.py | 5 ++++-
.../apt_key/samples/apt-key-example-binary.gpg | Bin 0 -> 1787 bytes
.../targets/apt_key/tasks/apt_key_binary.yml | 13 +++++++++++++
test/integration/targets/apt_key/tasks/main.yml | 3 +++
5 files changed, 23 insertions(+), 1 deletion(-)
create mode 100644 changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
create mode 100644 test/integration/targets/apt_key/samples/apt-key-example-binary.gpg
create mode 100644 test/integration/targets/apt_key/tasks/apt_key_binary.yml
diff --git a/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml b/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
new file mode 100644
index 00000000000000..47e416b94399cf
--- /dev/null
+++ b/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - Binary GnuPG keys downloaded via URLs by the 'ansible.builtin.apt_key' module were corrupted so 'gpg' could not import them (https://github.com/ansible/ansible/issues/74424).
diff --git a/lib/ansible/modules/apt_key.py b/lib/ansible/modules/apt_key.py
index 87b6410a630b70..58e23216a99e9f 100644
--- a/lib/ansible/modules/apt_key.py
+++ b/lib/ansible/modules/apt_key.py
@@ -283,12 +283,15 @@ def download_key(module, url): def get_key_id_from_file(module, filename, data=None): + native_data = to_native(data) + is_armored = native_data.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0 + global lang_env key = None cmd = [gpg_bin, '--with-colons', filename] - (rc, out, err) = module.run_command(cmd, environ_update=lang_env, data=to_native(data)) + (rc, out, err) = module.run_command(cmd, environ_update=lang_env, data=(native_data if is_armored else data), binary_data=not is_armored) if rc != 0: module.fail_json(msg="Unable to extract key from '%s'" % ('inline data' if data is None else filename), stdout=out, stderr=err)
diff --git a/test/integration/targets/apt_key/tasks/apt_key_binary.yml b/test/integration/targets/apt_key/tasks/apt_key_binary.yml
new file mode 100644
index 00000000000000..9f55b90dd2acea
--- /dev/null
+++ b/test/integration/targets/apt_key/tasks/apt_key_binary.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Ensure import of binary key downloaded using URLs works
+ apt_key: url=https://packages.cloud.google.com/apt/doc/apt-key.gpg
+ # replace the above URL to the following, after the pull request is accepted
+ # apt_key: url=https://github.com/ansible/ansible/tree/devel/test/integration/targets/apt_key/samples/apt-key-example-binary.gpg
+ register: apt_key_binary_test
+
+- name: Validate the results
+ assert:
+ that:
+ - 'apt_key_binary_test.changed is defined'
+ - 'apt_key_binary_test.changed'
diff --git a/test/integration/targets/apt_key/tasks/main.yml b/test/integration/targets/apt_key/tasks/main.yml
index acafd3edda33a2..f5292d3a71e17b 100644
--- a/test/integration/targets/apt_key/tasks/main.yml
+++ b/test/integration/targets/apt_key/tasks/main.yml
@@ -29,3 +29,6 @@ - import_tasks: 'file.yml' when: ansible_distribution in ('Ubuntu', 'Debian') + +- import_tasks: 'apt_key_binary.yml' + when: ansible_distribution in ('Ubuntu', 'Debian')
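Review bot: In `get_key_id_from_file`, `is_armored` is decided by searching for the armor header anywhere in a text decoding of the downloaded payload, so a binary key that merely contains that literal would still be sent through the text path this patch is meant to avoid. Anchoring the test to the start of the payload is stricter, e.g. `is_armored = native_data.lstrip().startswith("-----BEGIN PGP PUBLIC KEY BLOCK-----")`; armored input with leading free text would then take the binary path, which gpg should still accept, but that is worth confirming. When `data` is None, `to_native` presumably yields the string 'None', and the call only ends up with `data=None` because the search misses, so an explicit `data is not None` guard would make that intent visible. A comment above the two new lines would also help, e.g. `# binary keyrings must reach gpg byte-for-byte; only ASCII-armored text may be passed as a native string`. The function's body continues past the end of this hunk.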
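Review bot: The new task in apt_key_binary.yml fetches the key from a live third-party URL and adds whatever is served to the test host's apt keyring without an `id:` to pin the expected key, so both the test result and the trusted key depend on remote content. Serving the committed `apt-key-example-binary.gpg` sample from the test environment, or at least adding `id: <EXPECTED_KEY_ID>` (placeholder) to the task, would make the import deterministic. The commented-out replacement URL uses a GitHub `tree/` path, which presumably returns an HTML page rather than the key bytes, so the comment should point at the raw-content form of that path instead. The `changed` assertion also assumes the key is absent beforehand; a preceding task with `state: absent`, or a cleanup step, would keep reruns on the same host from failing.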