author | Tim Smith <tsmith@chef.io> | 2020-06-05 09:59:48 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-06-05 09:59:48 -0700 |
commit | 2e4f66d2588e6b87e82d4d94d0f51cb09d1ae39f (patch) | |
tree | f377f9169e3a32c059012f237c51e3e9059f1975 /lib | |
parent | 62a36c04a7b99494b84ae6f30c5a4e1c8cd13ce3 (diff) | |
parent | 41687b7de9f5c3d022bfc6f8293e33e80ce143db (diff) | |
download | chef-2e4f66d2588e6b87e82d4d94d0f51cb09d1ae39f.tar.gz |
Merge pull request #9956 from chef/zypper_repository
Fix zypper_repository key handling on SLES 15+
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/provider/zypper_repository.rb | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/lib/chef/provider/zypper_repository.rb b/lib/chef/provider/zypper_repository.rb
index 5dc5c999a4..4602d804b9 100644
--- a/lib/chef/provider/zypper_repository.rb
+++ b/lib/chef/provider/zypper_repository.rb
@@ -115,28 +115,48 @@ class Chef
 end
 end
+ # the version of gpg installed on the system
+ #
+ # @return [Gem::Version] the version of GPG
+ def gpg_version
+ so = shell_out!("gpg --version")
+ # matches 2.0 and 2.2 versions from SLES 12 and 15: https://rubular.com/r/e6D0WfGK6SXvUp
+ version = /gpg \(GnuPG\)\s*(.*)/.match(so.stdout)[1]
+ logger.trace("GPG package version is #{version}")
+ Gem::Version.new(version)
+ end
+
 # is the provided key already installed
 # @param [String] key_path the path to the key on the local filesystem
 #
 # @return [boolean] is the key already known by rpm
 def key_installed?(key_path)
- so = shell_out("rpm -qa gpg-pubkey*")
+ so = shell_out("/bin/rpm -qa gpg-pubkey*")
 # expected output & match: http://rubular.com/r/RdF7EcXEtb
- status = /gpg-pubkey-#{key_fingerprint(key_path)}/.match(so.stdout)
+ status = /gpg-pubkey-#{short_key_id(key_path)}/.match(so.stdout)
 logger.trace("GPG key at #{key_path} is known by rpm? #{status ? "true" : "false"}")
 status
 end
- # extract the gpg key fingerprint from a local file
+ # extract the gpg key's short key id from a local file. Learning moment: This 8 hex value ID
+ # is sometimes incorrectly called the fingerprint. The fingerprint is the full length value
+ # and googling for that will just result in sad times.
+ #
 # @param [String] key_path the path to the key on the local filesystem
 #
- # @return [String] the fingerprint of the key
- def key_fingerprint(key_path)
- so = shell_out!("gpg --with-fingerprint #{key_path}")
- # expected output and match: http://rubular.com/r/BpfMjxySQM
- fingerprint = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
- logger.trace("GPG fingerprint of key at #{key_path} is #{fingerprint}")
- fingerprint
+ # @return [String] the short key id of the key
+ def short_key_id(key_path)
+ if gpg_version >= Gem::Version.new("2.2") # SLES 15+
+ so = shell_out!("gpg --import-options import-show --dry-run --import --with-colons #{key_path}")
+ # expected output and match: https://rubular.com/r/uXWJo3yfkli1qA
+ short_key_id = /fpr:*\h*(\h{8}):/.match(so.stdout)[1].downcase
+ else # SLES 12 and earlier
+ so = shell_out!("gpg --with-fingerprint #{key_path}")
+ # expected output and match: http://rubular.com/r/BpfMjxySQM
+ short_key_id = %r{pub\s*\S*/(\S*)}.match(so.stdout)[1].downcase
+ end
+ logger.trace("GPG short key ID of key at #{key_path} is #{short_key_id}")
+ short_key_id
 end
 # install the provided gpg key |
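Review bot: Both `shell_out!` calls in `short_key_id` interpolate `key_path` into a single command string, so a path containing whitespace or shell metacharacters is parsed by the shell instead of reaching gpg as one argument. Where `key_path` is built is outside this hunk; if any part of it derives from the resource's key URL or name, passing the arguments separately removes the dependency on that value being clean: `shell_out!("gpg", "--import-options", "import-show", "--dry-run", "--import", "--with-colons", key_path)` and `shell_out!("gpg", "--with-fingerprint", key_path)`. Separately, `gpg_version` and both branches of `short_key_id` index `.match(so.stdout)[1]` without checking for a nil match, so unexpected gpg output surfaces as a `NoMethodError` on nil rather than an error naming the key file. A guard that raises with the path and the unparsed output would make that failure diagnosable.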