From 03750708710b2e44a7ffa068c65f969ae4ed51f1 Mon Sep 17 00:00:00 2001
From: Maxim Masiutin <maxim@masiutin.com>
Date: Wed, 28 Apr 2021 08:27:38 +0200
Subject: [PATCH] Binary GnuPG keys downloaded via URLs by the
 'ansible.builtin.apt_key' module were corrupted so 'gpg' could not import
 them (https://github.com/ansible/ansible/issues/74424)

---
 .../74474-apt_key-gpg-binary-import.yaml         |   3 +++
 lib/ansible/modules/apt_key.py                   |   5 ++++-
 .../apt_key/samples/apt-key-example-binary.gpg   | Bin 0 -> 1787 bytes
 .../targets/apt_key/tasks/apt_key_binary.yml     |  13 +++++++++++++
 test/integration/targets/apt_key/tasks/main.yml  |   3 +++
 5 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
 create mode 100644 test/integration/targets/apt_key/samples/apt-key-example-binary.gpg
 create mode 100644 test/integration/targets/apt_key/tasks/apt_key_binary.yml

diff --git a/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml b/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
new file mode 100644
index 00000000000..47e416b9439
--- /dev/null
+++ b/changelogs/fragments/74474-apt_key-gpg-binary-import.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - Binary GnuPG keys downloaded via URLs by the 'ansible.builtin.apt_key' module were corrupted so 'gpg' could not import them (https://github.com/ansible/ansible/issues/74424).
diff --git a/lib/ansible/modules/apt_key.py b/lib/ansible/modules/apt_key.py
index 87b6410a630..58e23216a99 100644
--- a/lib/ansible/modules/apt_key.py
+++ b/lib/ansible/modules/apt_key.py
@@ -283,12 +283,15 @@ def download_key(module, url):
 
 def get_key_id_from_file(module, filename, data=None):
 
+    native_data = to_native(data)
+    is_armored = native_data.find("-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0
+
     global lang_env
     key = None
 
     cmd = [gpg_bin, '--with-colons', filename]
 
-    (rc, out, err) = module.run_command(cmd, environ_update=lang_env, data=to_native(data))
+    (rc, out, err) = module.run_command(cmd, environ_update=lang_env, data=(native_data if is_armored else data), binary_data=not is_armored)
     if rc != 0:
         module.fail_json(msg="Unable to extract key from '%s'" % ('inline data' if data is None else filename), stdout=out, stderr=err)
 
diff --git a/test/integration/targets/apt_key/samples/apt-key-example-binary.gpg b/test/integration/targets/apt_key/samples/apt-key-example-binary.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..3b81faed1f7d4cebf42cb0fb75744dae19860a5a
GIT binary patch
literal 1787
zcmajec{Cdc0tWD0uE;D>;?_u8M@-$vAQi!=TM<RwiV1=^T6g1$I7)+I-P$6h>MC`m
zrA$|mI3|v^t|G23Eu|<eW_RD4xBK>=`SW|<_uuz^#lUQc7qtZegaKI7c>rm6{-&`&
zNtBxK-H1y(?2oqWM)R=rv28DBT)NSgtcR6TTErvMjUixmvuT)#)8zL(d^|#zjVj@k
zeQp#x5&HUMhaE|A9w>%bTxVg$QjRnVk3;+C%u0wk8BrEHkZamXX(k-0w;JD>;=Oul
zA*`svhwW;x;p{@0ScLn=Has#TkGUZ|y_w!C?o{-JP-k2-?;oV}0GY@xwk1%0GfR*y
zk&P*To03ByG{dA#paaQt-A<Kh<_dPDmg?j|F`vECbmtD(de|)3C(y|6z$UBW*u%a_
zVR808pZ{%=ae>T(iCY;e9Yg?QbYy((MR50*k6D)wPc0HJt*uP8W0h&DfJx44v#yi@
zx$8DkN9FN`6$~M=4kB!7A4Iw4?n>{!^u+)4aMl}buXQ~0`D&v}pFh92_1uYkE(1(o
zVSD2*gC%<=s%u(QedRoP_q5LQ*D6fE#7xfP)#>%gL;ox-t*=cj&PZxk$cx`esN8vO
zrWhX$Y?w^|2mt}WHe0-3L?qHEAjCU725IRRgH*tUL<IN{{gD4xC?YZ8{x{XNRkfA<
zqP>GjL_g(#klWtG0AIsDb7=T41{uIn$T=Vs@DoB7!e2#Q?jyB&wXVn8&^317)!3O|
z=K}rvevl-Xi=U5|2gEG`<>TcCK@cD?5F`Txi6#P|e1d<Dt(0JZRB}~CA`R|~)3fYR
z!!!+Wz0P@l1@mxV%Y-?*p(4tFz{e~@yxLGr4yB2<^n*-S;5}6_n}|;dKC5n2d8LHP
zPc-Kwk<jz1UPWv+z{M1&<2kOy&4_T^la0*QK!typC?*dLbT$V;FbOyN%ieb?>prvM
zS`(f@cm8nZn&UWItx`6=Htsx+U?qXn1DLN$Zau&628F>cmz|#&o*TPs(S70rLo;gT
z?LYM^vjXd$*u3Q><_<38)w~SC8cLK|OmVF;DXV(FbGp@Om;pWZJXozg1E`vku3?2k
z<P=<1l=|!qTkf5DrC*Nw%0r3ps^4?vS&N^B?jsDQ`rKug02Kj`J&04aMK3ZX@mH0`
zG`Y89TdaucEu6^Z!sukF-FT1BHrYM20eXMX6`ykC!ZfX-0juP87Q1TVOsu;XxwBZX
zv|mde)i3vVoqx$mpv<_ILj$u3wpiGnT%}S6Qn4oAJxC`T9U(frDbU$DCKej?zyxJr
zZ<*xQ^<S}FmZJ0$HMnNov$NBY5rn9`_g$m88?Nc2o1JNiqdV1R2KRYleA)%uf?Tbg
z@o-x~5XQg8l2CLg)7<|-NEy{`JmKbW79PS-&k1?bV<5ah^I)k~hAu6X$zUCB?4G{I
z1W3y3fVQ8?KMec0z9jk0QXenRyBYZAks584r!YBx@51d$Y3;Mp!QP|oUw!wf@U36e
zO~|4c@ID?a{ZxiUJp7i8VoKdwMQ=2ErcgTvhl(RjeE<HqEme{Wrz@2AH8m#koTEZq
z{e@+2v5M`|M<_wL1~<;~Q#+gSvEA3#1c0cm5pEaj`inQr)2rrMa!X&mxz~PYp<$3x
zbR7LoKs5p7rS4d?WgxuId3?P|k6xTG!O)-T@B7FVtPKXZD~n@6MgIt~XngZlzex8D
zY5Wk)5h9^O5^`b1>@Rmj#0SbN-r)*(2f9mEWa#TR1;0&dd~4w!7JPPfnfg2XR?>6p
z4#+w~<6QR^30@Q_Yk+?7URT)f-jU)=8%4YIKVmb0?GUkl0Ym-;FxdY>3Jl;s20OT`
zN2A5<`z{@bbqmB0fmzosHd?D>kt@iZ)0DJS$Q{;hYn6U=m$!s@wkDs~acOSMSJqj<
z5g~I4g{$v@h%O?$`KB60<%z8XR7tb$cb-5q`L&-~4doU!y^MrgHD#FgNLnblgQPM1
zDwzy3m6)>`;Q$TtEWVrX`r*~E1aK3TFOQ)Sc;Zy=VcjouKrw2}=b0)l{7pUuq-l0|
z;ruR^nc3lKzui`<!v-%84WVCZxoGjZ(CUOc7ONt%k|ujr*0aOGfD!s*LDc;*)(=0A
zT5>J)qQanJbINuV1rFWKUU3o{o7-Q?SpX(;&^VJVLE7uBn-S3JNr`K^coO`9plLXy
z;)sy{G?A}9Z3hQCAZeYU-D}Z5ChJBOG^e<e48m+wj>8(oO|VdgRBs15sjEjsrNA?e
zQ3PnVjf~A}aDH!n_|6=!ujWZ@bwN<}ekM8lJc~6w{qb*iv!MJUes&jO`Unh;+6R{&
QiyJ;ZfWGFP7A9B!0pN{1<p2Nx

literal 0
HcmV?d00001

diff --git a/test/integration/targets/apt_key/tasks/apt_key_binary.yml b/test/integration/targets/apt_key/tasks/apt_key_binary.yml
new file mode 100644
index 00000000000..9f55b90dd2a
--- /dev/null
+++ b/test/integration/targets/apt_key/tasks/apt_key_binary.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Ensure import of binary key downloaded using URLs works
+  apt_key: url=https://packages.cloud.google.com/apt/doc/apt-key.gpg
+  # replace the above URL to the following, after the pull request is accepted
+  # apt_key: url=https://github.com/ansible/ansible/tree/devel/test/integration/targets/apt_key/samples/apt-key-example-binary.gpg
+  register: apt_key_binary_test
+
+- name: Validate the results
+  assert:
+      that:
+          - 'apt_key_binary_test.changed is defined'
+          - 'apt_key_binary_test.changed'
diff --git a/test/integration/targets/apt_key/tasks/main.yml b/test/integration/targets/apt_key/tasks/main.yml
index acafd3edda3..f5292d3a71e 100644
--- a/test/integration/targets/apt_key/tasks/main.yml
+++ b/test/integration/targets/apt_key/tasks/main.yml
@@ -29,3 +29,6 @@
   
 - import_tasks: 'file.yml'
   when: ansible_distribution in ('Ubuntu', 'Debian')
+
+- import_tasks: 'apt_key_binary.yml'
+  when: ansible_distribution in ('Ubuntu', 'Debian')