From 7209c0b3d4ba18c63abd31b9fd015d306e6b9bee Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Thu, 29 Sep 2022 20:01:05 -0400 Subject: [PATCH] apt_repository, handle both new/old gpgp stds (#78735) (#78909) * apt_repository, handle both new/old gpgp stds (cherry picked from commit c7cde2645dd213db9e505cd124d2e9933ef929f7) --- changelogs/fragments/apt_repo_trust_prefs.yml | 2 ++ lib/ansible/modules/apt_repository.py | 13 ++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 changelogs/fragments/apt_repo_trust_prefs.yml diff --git a/changelogs/fragments/apt_repo_trust_prefs.yml b/changelogs/fragments/apt_repo_trust_prefs.yml new file mode 100644 index 00000000000..5e9b8aff474 --- /dev/null +++ b/changelogs/fragments/apt_repo_trust_prefs.yml @@ -0,0 +1,2 @@ +minor_changes: + - apt_repository will use the trust repo directories in order of preference (more appropriate to less) as they exist on the target. diff --git a/lib/ansible/modules/apt_repository.py b/lib/ansible/modules/apt_repository.py index 941d0579049..de7586cd7a7 100644 --- a/lib/ansible/modules/apt_repository.py +++ b/lib/ansible/modules/apt_repository.py @@ -177,8 +177,8 @@ except ImportError: HAVE_PYTHON_APT = False +APT_KEY_DIRS = ['/etc/apt/keyrings', '/etc/apt/trusted.gpg.d', '/usr/share/keyrings'] DEFAULT_SOURCES_PERM = 0o0644 - VALID_SOURCE_TYPES = ('deb', 'deb-src') @@ -482,7 +482,7 @@ class UbuntuSourcesList(SourcesList): found = False keyfiles = ['/etc/apt/trusted.gpg'] # main gpg repo for apt - for other_dir in ('/etc/apt/trusted.gpg.d', '/usr/share/keyrings'): + for other_dir in APT_KEY_DIRS: # add other known sources of gpg sigs for apt, skip hidden files keyfiles.extend([os.path.join(other_dir, x) for x in os.listdir(other_dir) if not x.startswith('.')]) 
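Review bot: The new `APT_KEY_DIRS` constant in the `-177` hunk has no comment saying that its order is a preference order, or that apt does not treat the three directories alike. Keys under `/etc/apt/trusted.gpg.d` are accepted for every configured source, while `/etc/apt/keyrings` and `/usr/share/keyrings` only take effect when a source names the keyring with `signed-by`. I would add `# keyring dirs, most preferred first; trusted.gpg.d is trusted for all sources, the others only via signed-by` above it. Making it a tuple, like `VALID_SOURCE_TYPES` two lines below, would also stop it being mutated at runtime.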
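Review bot: `os.listdir(other_dir)` in the `-482` hunk now also runs over `/etc/apt/keyrings`, and unlike the key-writing hunk at `-522` it never checks that the directory exists. On a target without that directory the call raises `OSError`, so unless a caller outside the hunk catches it, the module fails with a traceback instead of scanning the remaining keyrings. The changelog fragment says the directories are used "as they exist on the target", so this loop should follow the same rule. A guard as the first statement of the loop body is enough: `if not os.path.isdir(other_dir): continue`. The enclosing method starts and ends outside the hunk.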
@@ -522,7 +522,14 @@ class UbuntuSourcesList(SourcesList): command = [self.apt_key_bin, 'adv', '--recv-keys', '--no-tty', '--keyserver', 'hkp://keyserver.ubuntu.com:80', info['signing_key_fingerprint']] else: - keyfile = '/usr/share/keyrings/%s-%s-%s.gpg' % (os.path.basename(source).replace(' ', '-'), ppa_owner, ppa_name) + # use first available key dir, in order of preference + for keydir in APT_KEY_DIRS: + if os.path.exists(keydir): + break + else: + self.module.fail_json("Unable to find any existing apt gpgp repo directories, tried the following: %s" % ', '.join(APT_KEY_DIRS)) + + keyfile = '%s/%s-%s-%s.gpg' % (keydir, os.path.basename(source).replace(' ', '-'), ppa_owner, ppa_name) command = [self.gpg_bin, '--no-tty', '--keyserver', 'hkp://keyserver.ubuntu.com:80', '--export', info['signing_key_fingerprint']] rc, stdout, stderr = self.module.run_command(command, check_rc=True, encoding=None)
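Review bot: The fallback loop in the `-522` hunk can write a PPA key into `/etc/apt/trusted.gpg.d` when `/etc/apt/keyrings` is absent, whereas the removed line always wrote to `/usr/share/keyrings`. apt accepts keys in `trusted.gpg.d` for every source on the host, so on such targets one PPA's key becomes trusted for all repositories; nothing visible in the hunk adds a `signed-by` option tying the key to its own source. I would either skip `trusted.gpg.d` as a write target or document the wider trust in the module docs and the changelog fragment. Smaller points: `os.path.isdir(keydir)` is a tighter test than `os.path.exists(keydir)`, and `os.path.join(keydir, ...)` is clearer than the `'%s/%s-%s-%s.gpg'` format. The enclosing method continues outside the hunk.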