author | Tim Smith <tsmith84@gmail.com> | 2020-06-04 16:03:29 -0700 |
---|---|---|
committer | Tim Smith <tsmith84@gmail.com> | 2020-06-23 08:56:08 -0700 |
commit | d543623491683340c7d85815aba1cebead2c3552 (patch) | |
tree | 1a258b6a62be3bc340bc92e35544284b83cbcf73 | |
parent | 461ec1574d59780dfc91bd3b0520072221fb216d (diff) | |
download | chef-d543623491683340c7d85815aba1cebead2c3552.tar.gz |
Fix zypper_repository key handling on SLES 15+
gpg 2.2 changed the output without a major version bump. Now we need to
get the gpg version and then shell out the appropriate command to
determine the fingerprint.
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | lib/chef/provider/zypper_repository.rb | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/lib/chef/provider/zypper_repository.rb b/lib/chef/provider/zypper_repository.rb index 5dc5c999a4..d3c0fa25b7 100644 --- a/lib/chef/provider/zypper_repository.rb +++ b/lib/chef/provider/zypper_repository.rb @@ -115,12 +115,23 @@ class Chef end end + # the version of gpg installed on the system + # + # @return [Gem::Version] the version of GPG + def gpg_version + so = shell_out("gpg --version") + # matches 2.0 and 2.2 versions from SLES 12 and 15: https://rubular.com/r/e6D0WfGK6SXvUp + version = %r{gpg \(GnuPG\)\s*(.*)}.match(so.stdout)[1] + logger.trace("GPG package version is #{version}") + version + end + # is the provided key already installed # @param [String] key_path the path to the key on the local filesystem # # @return [boolean] is the key already known by rpm def key_installed?(key_path) - so = shell_out("rpm -qa gpg-pubkey*") + so = shell_out("/bin/rpm -qa gpg-pubkey*") # expected output & match: http://rubular.com/r/RdF7EcXEtb status = /gpg-pubkey-#{key_fingerprint(key_path)}/.match(so.stdout) logger.trace("GPG key at #{key_path} is known by rpm? #{status ? "true" : "false"}") @@ -132,9 +143,15 @@ class Chef # # @return [String] the fingerprint of the key def key_fingerprint(key_path) - so = shell_out!("gpg --with-fingerprint #{key_path}") - # expected output and match: http://rubular.com/r/BpfMjxySQM - fingerprint = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase + if gpg_version >= Gem::Version.new("2.2") # SLES 15+ + so = shell_out!("gpg --import-options import-show --dry-run --import #{key_path}") + # expected output and match: https://rubular.com/r/WARlJQBo0IdP7h + fingerprint = %r{key \h*(\h{8}):}.match(so.stdout)[1].downcase + else # SLES 12 and earlier + so = shell_out!("gpg --with-fingerprint #{key_path}") + # expected output and match: http://rubular.com/r/BpfMjxySQM + fingerprint = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase + end logger.trace("GPG fingerprint of key at #{key_path} is #{fingerprint}") fingerprint end |
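Review bot: `gpg_version` returns the regex capture, which is a String, although its doc comment promises `Gem::Version` and the new caller in `key_fingerprint` (second hunk) evaluates `gpg_version >= Gem::Version.new("2.2")`. As far as I can tell, comparing a String with a `Gem::Version` raises ArgumentError from Comparable instead of selecting a branch, so the last expression should be `Gem::Version.new(version)` rather than `version`. The method also calls `shell_out` without the bang and indexes `.match(so.stdout)[1]` directly, so a missing gpg binary or an unexpected banner shows up as NoMethodError on nil. Using `shell_out!("gpg --version")` and raising a descriptive error when the match is nil would make that failure readable in a converge log.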
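Review bot: `key_path` is interpolated into the command string in both branches of `key_fingerprint`, so the path is parsed by a shell and a path containing spaces or shell metacharacters would be split or interpreted. Passing the arguments separately keeps the path as a single argument and skips shell parsing, for example `shell_out!("gpg", "--import-options", "import-show", "--dry-run", "--import", key_path)`, with the same treatment for the `--with-fingerprint` call. Separately, `%r{key \h*(\h{8}):}.match(so.stdout)[1]` raises NoMethodError on nil when no such line is present on stdout; check the match first and raise an error that names the key file. The value captured here is an 8-hex-digit short key ID, so a comment noting that `key_installed?` only establishes that a package with that short ID is present, not that the key is authentic, would help the next reader.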