diff options
| author | Brian Coca <bcoca@users.noreply.github.com> | 2022-09-29 20:01:05 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-29 17:01:05 -0700 |
| commit | 7209c0b3d4ba18c63abd31b9fd015d306e6b9bee (patch) | |
| tree | 24b63136a71eefbbdd37c0d5e406256b0adcfa77 | |
| parent | 6b8432850f1cac69c3d8588be1514cbff3b1f392 (diff) | |
| download | ansible-7209c0b3d4ba18c63abd31b9fd015d306e6b9bee.tar.gz | |
apt_repository, handle both new/old gpgp stds (#78735) (#78909)
* apt_repository, handle both new/old gpgp stds
(cherry picked from commit c7cde2645dd213db9e505cd124d2e9933ef929f7)
| -rw-r--r-- | changelogs/fragments/apt_repo_trust_prefs.yml | 2 | ||||
| -rw-r--r-- | lib/ansible/modules/apt_repository.py | 13 |
2 files changed, 12 insertions, 3 deletions
diff --git a/changelogs/fragments/apt_repo_trust_prefs.yml b/changelogs/fragments/apt_repo_trust_prefs.yml new file mode 100644 index 0000000000..5e9b8aff47 --- /dev/null +++ b/changelogs/fragments/apt_repo_trust_prefs.yml @@ -0,0 +1,2 @@ +minor_changes: + - apt_repository will use the trust repo directories in order of preference (more appropriate to less) as they exist on the target. diff --git a/lib/ansible/modules/apt_repository.py b/lib/ansible/modules/apt_repository.py index 941d057904..de7586cd7a 100644 --- a/lib/ansible/modules/apt_repository.py +++ b/lib/ansible/modules/apt_repository.py @@ -177,8 +177,8 @@ except ImportError: HAVE_PYTHON_APT = False +APT_KEY_DIRS = ['/etc/apt/keyrings', '/etc/apt/trusted.gpg.d', '/usr/share/keyrings'] DEFAULT_SOURCES_PERM = 0o0644 - VALID_SOURCE_TYPES = ('deb', 'deb-src') @@ -482,7 +482,7 @@ class UbuntuSourcesList(SourcesList): found = False keyfiles = ['/etc/apt/trusted.gpg'] # main gpg repo for apt - for other_dir in ('/etc/apt/trusted.gpg.d', '/usr/share/keyrings'): + for other_dir in APT_KEY_DIRS: # add other known sources of gpg sigs for apt, skip hidden files keyfiles.extend([os.path.join(other_dir, x) for x in os.listdir(other_dir) if not x.startswith('.')]) @@ -522,7 +522,14 @@ class UbuntuSourcesList(SourcesList): command = [self.apt_key_bin, 'adv', '--recv-keys', '--no-tty', '--keyserver', 'hkp://keyserver.ubuntu.com:80', info['signing_key_fingerprint']] else: - keyfile = '/usr/share/keyrings/%s-%s-%s.gpg' % (os.path.basename(source).replace(' ', '-'), ppa_owner, ppa_name) + # use first available key dir, in order of preference + for keydir in APT_KEY_DIRS: + if os.path.exists(keydir): + break + else: + self.module.fail_json("Unable to find any existing apt gpgp repo directories, tried the following: %s" % ', '.join(APT_KEY_DIRS)) + + keyfile = '%s/%s-%s-%s.gpg' % (keydir, os.path.basename(source).replace(' ', '-'), ppa_owner, ppa_name) command = [self.gpg_bin, '--no-tty', '--keyserver', 'hkp://keyserver.ubuntu.com:80', '--export', info['signing_key_fingerprint']] rc, stdout, stderr = self.module.run_command(command, check_rc=True, encoding=None) |