Suggest full fingerprint for apt_key. (#44697)

* Suggest full fingerprint for apt_key.
Background: https://gwolf.org/node/4070 (Gunnar Wolf: Stop it with those short PGP key IDs!)
I've put the full fingerprint into the examples.
* avoids the phrase 'best practice'
pull/45673/head
julianladisch 6 years ago committed by Alicia Cozine
parent 4ec317ceca
commit 5adcaf4538

@ -25,7 +25,9 @@ description:
notes:
- Doesn't download the key unless it really needs it.
- As a sanity check, downloaded key id must match the one specified.
- Best practice is to specify the key id and the URL.
- "Use full fingerprint (40 characters) key ids to avoid key collisions.
To generate a full-fingerprint imported key: C(apt-key adv --list-public-keys --with-fingerprint --with-colons)."
- If you specify both the key id and the URL with C(state=present), the task can verify or add the key as needed.
- Adding a new key requires an apt cache update (e.g. using the apt module's update_cache option)
options:
id:
@ -77,13 +79,13 @@ EXAMPLES = '''
- name: Add an Apt signing key, will not download if present
apt_key:
id: 473041FA
id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
state: present
- name: Remove a Apt specific signing key, leading 0x is valid
apt_key:
id: 0x473041FA
id: 0x9FED2BCBDCD29CDF762678CBAED4B06F473041FA
state: absent
# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
@ -94,13 +96,13 @@ EXAMPLES = '''
- name: Add an Apt signing key to a specific keyring file
apt_key:
id: 473041FA
id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
keyring: /etc/apt/trusted.gpg.d/debian.gpg
- name: Add Apt signing key on remote server to keyring
apt_key:
id: 473041FA
id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
file: /tmp/apt.gpg
state: present
'''

Loading…
Cancel
Save