diff --git a/changelogs/fragments/apt_key_bye.yml b/changelogs/fragments/apt_key_bye.yml new file mode 100644 index 00000000000..a1792fd9c7c --- /dev/null +++ b/changelogs/fragments/apt_key_bye.yml @@ -0,0 +1,5 @@ +minor_changes: + - apt_key module - add notes to docs and errors to point at the CLI tool deprecation by Debian and alternatives + - apt_repository module - add notes to errors to point at the CLI tool deprecation by Debian and alternatives +bugfixes: + - apt_key module - prevent tests from running when apt-key was removed diff --git a/lib/ansible/modules/apt_key.py b/lib/ansible/modules/apt_key.py index 3828f9a882b..8ae5c77dbfb 100644 --- a/lib/ansible/modules/apt_key.py +++ b/lib/ansible/modules/apt_key.py @@ -33,6 +33,8 @@ notes: To generate a full-fingerprint imported key: C(apt-key adv --list-public-keys --with-fingerprint --with-colons)." - If you specify both the key O(id) and the O(url) with O(state=present), the task can verify or add the key as needed. - Adding a new key requires an apt cache update (e.g. using the M(ansible.builtin.apt) module's C(update_cache) option). + - The C(apt-key) utility has been deprecated and removed in modern debian versions, use M(ansible.legacy.deb822_repository) as an alternative + to M(ansible.legacy.apt_repository) + apt_key combinations. requirements: - gpg seealso: @@ -170,7 +172,6 @@ short_id: import os -# FIXME: standardize into module_common from traceback import format_exc from ansible.module_utils.common.text.converters import to_native @@ -196,8 +197,16 @@ def lang_env(module): def find_needed_binaries(module): global apt_key_bin global gpg_bin - apt_key_bin = module.get_bin_path('apt-key', required=True) - gpg_bin = module.get_bin_path('gpg', required=True) + + try: + apt_key_bin = module.get_bin_path('apt-key', required=True) + except ValueError as e: + module.exit_json(f'{to_native(e)}. Apt-key has been deprecated. See the deb822_repository as an alternative.') + + try: + gpg_bin = module.get_bin_path('gpg', required=True) + except ValueError as e: + module.exit_json(msg=to_native(e)) def add_http_proxy(cmd): diff --git a/lib/ansible/modules/apt_repository.py b/lib/ansible/modules/apt_repository.py index 27efa187b5b..39b2e58b83a 100644 --- a/lib/ansible/modules/apt_repository.py +++ b/lib/ansible/modules/apt_repository.py @@ -475,7 +475,10 @@ class UbuntuSourcesList(SourcesList): self.apt_key_bin = self.module.get_bin_path('apt-key', required=False) self.gpg_bin = self.module.get_bin_path('gpg', required=False) if not self.apt_key_bin and not self.gpg_bin: - self.module.fail_json(msg='Either apt-key or gpg binary is required, but neither could be found') + msg = 'Either apt-key or gpg binary is required, but neither could be found.' \ + 'The apt-key CLI has been deprecated and removed in modern Debian and derivatives, ' \ + 'you might want to use "deb822_repository" instead.' + self.module.fail_json(msg) def __deepcopy__(self, memo=None): return UbuntuSourcesList(self.module) diff --git a/test/integration/targets/apt_key/tasks/main.yml b/test/integration/targets/apt_key/tasks/main.yml index 7aee56a77ef..5dcf5eb6336 100644 --- a/test/integration/targets/apt_key/tasks/main.yml +++ b/test/integration/targets/apt_key/tasks/main.yml @@ -16,14 +16,18 @@ # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . -- import_tasks: 'apt_key.yml' - when: ansible_distribution in ('Ubuntu', 'Debian') +- name: apt key tests + when: + - ansible_distribution in ('Ubuntu', 'Debian') + block: + - shell: which apt-key + ignore_errors: True + register: has_aptkey -- import_tasks: 'apt_key_inline_data.yml' - when: ansible_distribution in ('Ubuntu', 'Debian') - -- import_tasks: 'file.yml' - when: ansible_distribution in ('Ubuntu', 'Debian') - -- import_tasks: 'apt_key_binary.yml' - when: ansible_distribution in ('Ubuntu', 'Debian') + - name: actually test if i have apt-key + when: has_aptkey is success + block: + - import_tasks: 'apt_key.yml' + - import_tasks: 'apt_key_inline_data.yml' + - import_tasks: 'file.yml' + - import_tasks: 'apt_key_binary.yml'