archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Apt key bye (#84555)

Browse Source 
* apt-key module updates due to debian removal

Still kept for now for backwards compat, but removing from testing when not present
And adding more explicit mesasges to errors to point to new module

* added docs and error msg

* clog

* aslkdfj

* no docs to document doc changes

* also add warning to apt_repository

* clog on apt_repo too

* fix string concat

* Apply suggestions from code review

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>

---------

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
pull/84588/head
Brian Coca 11 months ago committed by GitHub
parent 689c047e3a
commit 4953fc7b26
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 35 additions and 14 deletions
Show Stats Download Patch File Download Diff File

5
changelogs/fragments/apt_key_bye.yml
Unescape Escape View File

@ -0,0 +1,5 @@
minor_changes:
- apt_key module - add notes to docs and errors to point at the CLI tool deprecation by Debian and alternatives
- apt_repository module - add notes to errors to point at the CLI tool deprecation by Debian and alternatives
bugfixes:
- apt_key module - prevent tests from running when apt-key was removed

15
lib/ansible/modules/apt_key.py
Unescape Escape View File

@ -33,6 +33,8 @@ notes:
To generate a full-fingerprint imported key: C(apt-key adv --list-public-keys --with-fingerprint --with-colons)." To generate a full-fingerprint imported key: C(apt-key adv --list-public-keys --with-fingerprint --with-colons)."
- If you specify both the key O(id) and the O(url) with O(state=present), the task can verify or add the key as needed. - If you specify both the key O(id) and the O(url) with O(state=present), the task can verify or add the key as needed.
- Adding a new key requires an apt cache update (e.g. using the M(ansible.builtin.apt) module's C(update_cache) option). - Adding a new key requires an apt cache update (e.g. using the M(ansible.builtin.apt) module's C(update_cache) option).
- The C(apt-key) utility has been deprecated and removed in modern debian versions, use M(ansible.legacy.deb822_repository) as an alternative
to M(ansible.legacy.apt_repository) + apt_key combinations.
requirements: requirements:
- gpg - gpg
seealso: seealso:
@ -170,7 +172,6 @@ short_id:
import os import os
# FIXME: standardize into module_common
from traceback import format_exc from traceback import format_exc
from ansible.module_utils.common.text.converters import to_native from ansible.module_utils.common.text.converters import to_native
@ -196,8 +197,16 @@ def lang_env(module):
def find_needed_binaries(module): def find_needed_binaries(module):
global apt_key_bin global apt_key_bin
global gpg_bin global gpg_bin
apt_key_bin = module.get_bin_path('apt-key', required=True)
gpg_bin = module.get_bin_path('gpg', required=True) try:
apt_key_bin = module.get_bin_path('apt-key', required=True)
except ValueError as e:
module.exit_json(f'{to_native(e)}. Apt-key has been deprecated. See the deb822_repository as an alternative.')
try:
gpg_bin = module.get_bin_path('gpg', required=True)
except ValueError as e:
module.exit_json(msg=to_native(e))
def add_http_proxy(cmd): def add_http_proxy(cmd):

5
lib/ansible/modules/apt_repository.py
Unescape Escape View File

@ -475,7 +475,10 @@ class UbuntuSourcesList(SourcesList):
self.apt_key_bin = self.module.get_bin_path('apt-key', required=False) self.apt_key_bin = self.module.get_bin_path('apt-key', required=False)
self.gpg_bin = self.module.get_bin_path('gpg', required=False) self.gpg_bin = self.module.get_bin_path('gpg', required=False)
if not self.apt_key_bin and not self.gpg_bin: if not self.apt_key_bin and not self.gpg_bin:
self.module.fail_json(msg='Either apt-key or gpg binary is required, but neither could be found') msg = 'Either apt-key or gpg binary is required, but neither could be found.' \
'The apt-key CLI has been deprecated and removed in modern Debian and derivatives, ' \
'you might want to use "deb822_repository" instead.'
self.module.fail_json(msg)
def __deepcopy__(self, memo=None): def __deepcopy__(self, memo=None):
return UbuntuSourcesList(self.module) return UbuntuSourcesList(self.module)

24
test/integration/targets/apt_key/tasks/main.yml
Unescape Escape View File

@ -16,14 +16,18 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>. # along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- import_tasks: 'apt_key.yml' - name: apt key tests
when: ansible_distribution in ('Ubuntu', 'Debian') when:
- ansible_distribution in ('Ubuntu', 'Debian')
block:
- shell: which apt-key
ignore_errors: True
register: has_aptkey
- import_tasks: 'apt_key_inline_data.yml' - name: actually test if i have apt-key
when: ansible_distribution in ('Ubuntu', 'Debian') when: has_aptkey is success
block:
- import_tasks: 'file.yml' - import_tasks: 'apt_key.yml'
when: ansible_distribution in ('Ubuntu', 'Debian') - import_tasks: 'apt_key_inline_data.yml'
- import_tasks: 'file.yml'
- import_tasks: 'apt_key_binary.yml' - import_tasks: 'apt_key_binary.yml'
when: ansible_distribution in ('Ubuntu', 'Debian')

Write Preview
Loading…
Cancel
Save