79 lines
3.6 KiB
Diff
79 lines
3.6 KiB
Diff
From 03750708710b2e44a7ffa068c65f969ae4ed51f1 Mon Sep 17 00:00:00 2001
|
|
From: Maxim Masiutin <maxim@masiutin.com>
|
|
Date: Wed, 28 Apr 2021 08:27:38 +0200
|
|
Subject: [PATCH] Binary GnuPG keys downloaded via URLs by the
|
|
'ansible.builtin.apt_key' module were corrupted so 'gpg' could not import
|
|
them (https://github.com/ansible/ansible/issues/74424)
|
|
|
|
---
|
|
.../74474-apt_key-gpg-binary-import.yaml | 3 +++
|
|
lib/ansible/modules/apt_key.py | 5 ++++-
|
|
.../apt_key/samples/apt-key-example-binary.gpg | Bin 0 -> 1787 bytes
|
|
.../targets/apt_key/tasks/apt_key_binary.yml | 13 +++++++++++++
|
|
test/integration/targets/apt_key/tasks/main.yml | 3 +++
|
|
5 files changed, 23 insertions(+), 1 deletion(-)
|
|
create mode 100644 changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
|
|
create mode 100644 test/integration/targets/apt_key/samples/apt-key-example-binary.gpg
|
|
create mode 100644 test/integration/targets/apt_key/tasks/apt_key_binary.yml
|
|
|
|
diff --git a/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml b/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
|
|
new file mode 100644
|
|
index 00000000000000..47e416b94399cf
|
|
--- /dev/null
|
|
+++ b/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
|
|
@@ -0,0 +1,3 @@
|
|
+---
|
|
+bugfixes:
|
|
+ - Binary GnuPG keys downloaded via URLs by the 'ansible.builtin.apt_key' module were corrupted so 'gpg' could not import them (https://github.com/ansible/ansible/issues/74424).
|
|
diff --git a/lib/ansible/modules/apt_key.py b/lib/ansible/modules/apt_key.py
|
|
index 87b6410a630b70..58e23216a99e9f 100644
|
|
--- a/lib/ansible/modules/apt_key.py
|
|
+++ b/lib/ansible/modules/apt_key.py
|
|
@@ -283,12 +283,15 @@ def download_key(module, url):
|
|
|
|
def get_key_id_from_file(module, filename, data=None):
|
|
|
|
+ native_data = to_native(data)
|
|
+ is_armored = native_data.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0
|
|
+
|
|
global lang_env
|
|
key = None
|
|
|
|
cmd = [gpg_bin, '--with-colons', filename]
|
|
|
|
- (rc, out, err) = module.run_command(cmd, environ_update=lang_env, data=to_native(data))
|
|
+ (rc, out, err) = module.run_command(cmd, environ_update=lang_env, data=(native_data if is_armored else data), binary_data=not is_armored)
|
|
if rc != 0:
|
|
module.fail_json(msg="Unable to extract key from '%s'" % ('inline data' if data is None else filename), stdout=out, stderr=err)
|
|
|
|
diff --git a/test/integration/targets/apt_key/tasks/apt_key_binary.yml b/test/integration/targets/apt_key/tasks/apt_key_binary.yml
|
|
new file mode 100644
|
|
index 00000000000000..9f55b90dd2acea
|
|
--- /dev/null
|
|
+++ b/test/integration/targets/apt_key/tasks/apt_key_binary.yml
|
|
@@ -0,0 +1,13 @@
|
|
+---
|
|
+
|
|
+- name: Ensure import of binary key downloaded using URLs works
|
|
+ apt_key: url=https://packages.cloud.google.com/apt/doc/apt-key.gpg
|
|
+ # replace the above URL to the following, after the pull request is accepted
|
|
+ # apt_key: url=https://github.com/ansible/ansible/tree/devel/test/integration/targets/apt_key/samples/apt-key-example-binary.gpg
|
|
+ register: apt_key_binary_test
|
|
+
|
|
+- name: Validate the results
|
|
+ assert:
|
|
+ that:
|
|
+ - 'apt_key_binary_test.changed is defined'
|
|
+ - 'apt_key_binary_test.changed'
|
|
diff --git a/test/integration/targets/apt_key/tasks/main.yml b/test/integration/targets/apt_key/tasks/main.yml
|
|
index acafd3edda33a2..f5292d3a71e17b 100644
|
|
--- a/test/integration/targets/apt_key/tasks/main.yml
|
|
+++ b/test/integration/targets/apt_key/tasks/main.yml
|
|
@@ -29,3 +29,6 @@
|
|
|
|
- import_tasks: 'file.yml'
|
|
when: ansible_distribution in ('Ubuntu', 'Debian')
|
|
+
|
|
+- import_tasks: 'apt_key_binary.yml'
|
|
+ when: ansible_distribution in ('Ubuntu', 'Debian')
|