The apt_key module did not properly handle GnuPG errors for certain actions (#74478)

* Not all GnuPG return codes were analyzed (rc != 0) and not all relevant GnuPG error information was returned by the 'ansible.builtin.apt_key' module (https://github.com/ansible/ansible/issues/74477)

* Update changelogs/fragments/74478-apt_key-gpg-error-check.yaml

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
pull/74531/head
Maxim Masiutin 4 years ago committed by GitHub
parent 38fb05102c
commit daecb30ac9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,2 @@
bugfixes:
- The ``apt_key`` module did not properly handle GnuPG errors (https://github.com/ansible/ansible/issues/74477)

@ -253,6 +253,8 @@ def all_keys(module, keyring, short_format):
else: else:
cmd = "%s adv --list-public-keys --keyid-format=long" % apt_key_bin cmd = "%s adv --list-public-keys --keyid-format=long" % apt_key_bin
(rc, out, err) = module.run_command(cmd) (rc, out, err) = module.run_command(cmd)
if rc != 0:
module.fail_json(msg="Unable to list public keys", cmd=cmd, rc=rc, stdout=out, stderr=err)
return parse_output_for_keys(out, short_format) return parse_output_for_keys(out, short_format)
@ -326,10 +328,10 @@ def import_key(module, keyring, keyserver, key_id):
# Out of retries # Out of retries
if rc == 2 and 'not found on keyserver' in out: if rc == 2 and 'not found on keyserver' in out:
msg = 'Key %s not found on keyserver %s' % (key_id, keyserver) msg = 'Key %s not found on keyserver %s' % (key_id, keyserver)
module.fail_json(cmd=cmd, msg=msg) module.fail_json(cmd=cmd, msg=msg, forced_environment=lang_env)
else: else:
msg = "Error fetching key %s from keyserver: %s" % (key_id, keyserver) msg = "Error fetching key %s from keyserver: %s" % (key_id, keyserver)
module.fail_json(cmd=cmd, msg=msg, rc=rc, stdout=out, stderr=err) module.fail_json(cmd=cmd, msg=msg, forced_environment=lang_env, rc=rc, stdout=out, stderr=err)
return True return True
@ -339,23 +341,48 @@ def add_key(module, keyfile, keyring, data=None):
cmd = "%s --keyring %s add -" % (apt_key_bin, keyring) cmd = "%s --keyring %s add -" % (apt_key_bin, keyring)
else: else:
cmd = "%s add -" % apt_key_bin cmd = "%s add -" % apt_key_bin
(rc, out, err) = module.run_command(cmd, data=data, check_rc=True, binary_data=True) (rc, out, err) = module.run_command(cmd, data=data, binary_data=True)
if rc != 0:
module.fail_json(
msg="Unable to add a key from binary data",
cmd=cmd,
rc=rc,
stdout=out,
stderr=err,
)
else: else:
if keyring: if keyring:
cmd = "%s --keyring %s add %s" % (apt_key_bin, keyring, keyfile) cmd = "%s --keyring %s add %s" % (apt_key_bin, keyring, keyfile)
else: else:
cmd = "%s add %s" % (apt_key_bin, keyfile) cmd = "%s add %s" % (apt_key_bin, keyfile)
(rc, out, err) = module.run_command(cmd, check_rc=True) (rc, out, err) = module.run_command(cmd)
if rc != 0:
module.fail_json(
msg="Unable to add a key from file %s" % (keyfile),
cmd=cmd,
rc=rc,
keyfile=keyfile,
stdout=out,
stderr=err,
)
return True return True
def remove_key(module, key_id, keyring): def remove_key(module, key_id, keyring):
# FIXME: use module.run_command, fail at point of error and don't discard useful stdin/stdout
if keyring: if keyring:
cmd = '%s --keyring %s del %s' % (apt_key_bin, keyring, key_id) cmd = '%s --keyring %s del %s' % (apt_key_bin, keyring, key_id)
else: else:
cmd = '%s del %s' % (apt_key_bin, key_id) cmd = '%s del %s' % (apt_key_bin, key_id)
(rc, out, err) = module.run_command(cmd, check_rc=True) (rc, out, err) = module.run_command(cmd)
if rc != 0:
module.fail_json(
msg="Unable to remove a key with id %s" % (key_id),
cmd=cmd,
rc=rc,
key_id=key_id,
stdout=out,
stderr=err,
)
return True return True

Loading…
Cancel
Save