author | Maxim Masiutin <maxim@masiutin.com> | 2021-05-17 13:35:02 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-17 05:35:02 -0500 |
commit | 71fc9ec3936d42bb162ae8751881800575871d62 (patch) | |
tree | 2c1f9b1a25b7d5f6426086fe6feb485e1c6bbef8 | |
parent | 5b0a3ac43dfc189e17a3bd88f2081a5978b2fd3d (diff) | |
[bp-2.11]: apt_key - Binary GnuPG keys downloaded via URL were corrupted (#74522)
* Binary GnuPG keys downloaded via URLs by the 'ansible.builtin.apt_key' module were corrupted so 'gpg' could not import them (https://github.com/ansible/ansible/issues/74424)
(cherry picked from commit 03750708710b2e44a7ffa068c65f969ae4ed51f1)
(cherry picked from commit 4cc80ef9c95e6eaf8d21415778dd984adcf088f9)
-rw-r--r-- | changelogs/fragments/74474-apt_key-gpg-binary-import.yaml | 2 | ||||
-rw-r--r-- | lib/ansible/modules/apt_key.py | 5 | ||||
-rw-r--r-- | test/integration/targets/apt_key/tasks/apt_key_binary.yml | 12 | ||||
-rw-r--r-- | test/integration/targets/apt_key/tasks/main.yml | 3 |
4 files changed, 21 insertions, 1 deletions
diff --git a/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml b/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
new file mode 100644
index 0000000000..e6568efdbe
--- /dev/null
+++ b/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+ - apt_key - Binary GnuPG keys downloaded via URLs were corrupted so GnuPG could not import them (https://github.com/ansible/ansible/issues/74424).
diff --git a/lib/ansible/modules/apt_key.py b/lib/ansible/modules/apt_key.py
index 804d0d3ae5..4a8e968c3a 100644
--- a/lib/ansible/modules/apt_key.py
+++ b/lib/ansible/modules/apt_key.py
@@ -283,12 +283,15 @@ def download_key(module, url):
 def get_key_id_from_file(module, filename, data=None):
+ native_data = to_native(data)
+ is_armored = native_data.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0
+
 global lang_env
 key = None
 cmd = [gpg_bin, '--with-colons', filename]
- (rc, out, err) = module.run_command(cmd, environ_update=lang_env, data=to_native(data))
+ (rc, out, err) = module.run_command(cmd, environ_update=lang_env, data=(native_data if is_armored else data), binary_data=not is_armored)
 if rc != 0:
 module.fail_json(msg="Unable to extract key from '%s'" % ('inline data' if data is not None else filename), stdout=out, stderr=err)
diff --git a/test/integration/targets/apt_key/tasks/apt_key_binary.yml b/test/integration/targets/apt_key/tasks/apt_key_binary.yml
new file mode 100644
index 0000000000..4a351446b0
--- /dev/null
+++ b/test/integration/targets/apt_key/tasks/apt_key_binary.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Ensure import of binary key downloaded using URLs works
+ apt_key:
+ url: https://ansible-ci-files.s3.us-east-1.amazonaws.com/test/integration/targets/apt_key/apt-key-example-binary.gpg
+ register: apt_key_binary_test
+
+- name: Validate the results
+ assert:
+ that:
+ - 'apt_key_binary_test.changed is defined'
+ - 'apt_key_binary_test.changed'
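Review bot: In `get_key_id_from_file` (lib/ansible/modules/apt_key.py), `is_armored` becomes true when the armor header appears anywhere in the decoded payload, so a binary key that merely contains that ASCII string would still be sent through the text path (`binary_data=False`) that this change is meant to avoid for binary keys. Testing the raw bytes at the start of the input is stricter, e.g. `is_armored = data is not None and to_bytes(data).lstrip().startswith(b"-----BEGIN PGP PUBLIC KEY BLOCK-----")`, assuming `to_bytes` is imported in this module (the import block is outside the hunk) and that armored input is not expected to carry leading text before the header. A short comment such as `# binary keys must reach gpg byte-for-byte; only armored keys go through the text path` would record why the two paths exist. The function body continues past the end of the hunk.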
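Review bot: The assertion in apt_key_binary.yml checks only `apt_key_binary_test.changed`, which shows that the task reported a change but not that the expected key was imported, and it will presumably fail on a host where that key is already in the keyring. Pinning the task to the key's identifier, e.g. `id: <KEY_ID_OF_TEST_KEY>` (placeholder; the real id is not on this page), and removing the key with a `state: absent` task before and after the import would make the test repeatable and specific. The download URL is HTTPS, so transport is covered; the identity of the imported key is what remains unchecked.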
diff --git a/test/integration/targets/apt_key/tasks/main.yml b/test/integration/targets/apt_key/tasks/main.yml
index 9c571f4355..9ef44e456e 100644
--- a/test/integration/targets/apt_key/tasks/main.yml
+++ b/test/integration/targets/apt_key/tasks/main.yml
@@ -32,3 +32,6 @@
 - import_tasks: 'file.yml'
 when: ansible_distribution in ('Ubuntu', 'Debian')
+
+- import_tasks: 'apt_key_binary.yml'
+ when: ansible_distribution in ('Ubuntu', 'Debian') |