Closed daisukixci closed 5 months ago
ASCII armored keys are supported. You have to name them with a .asc
extension if ASCII armored, and .gpg
if binary. This is an APT thing, not an issue with this module. This is documented: https://github.com/puppetlabs/puppetlabs-apt/blob/0871cadcdcbc5f0e6540298fa11e9a3ebe884735/README.md?plain=1#L70
Also note that there is a bug in APT that causes it to fail if ASCII armored keys use Windows/DOS text format. You'll want to dos2unix
the file first, if you find such a key. Reference: https://salsa.debian.org/apt-team/apt/-/merge_requests/309
Gotcha sorry for the trouble and thanks for the quick answer!
Use Case
Some provider we use like Google, Hashicorp only provide ASCII armored gpg key (if I did not miss anything), which seems to not work with the apt keyring mechanism implemented to fix #1034 as from my understanding apt expect binary gpg keys.
Describe the Solution You Would Like
Having a boolean parameter in apt::keyring to specify if the key is armored and dearmor it if necessary
Describe Alternatives You've Considered
Manually dearmore GPG keys and self host them either in puppet code or third party solution
Additional Context
n/a