puppetlabs / puppetlabs-apt

Puppet module to help manage Apt
https://forge.puppetlabs.com/puppetlabs/apt
Apache License 2.0

Support dearmor GPG key for keyring #1163

Closed daisukixci closed 5 months ago

daisukixci commented 5 months ago

Use Case

Some providers we use, like Google and Hashicorp, only provide ASCII armored GPG keys (if I did not miss anything), which seems not to work with the apt keyring mechanism implemented to fix #1034, as from my understanding apt expects binary GPG keys.

Describe the Solution You Would Like

Having a boolean parameter in apt::keyring to specify if the key is armored and dearmor it if necessary

Describe Alternatives You've Considered

Manually dearmor GPG keys and self-host them, either in Puppet code or in a third-party solution

Additional Context

n/a

kenyon commented 5 months ago

ASCII armored keys are supported. You have to name them with a .asc extension if ASCII armored, and .gpg if binary. This is an APT thing, not an issue with this module. This is documented: https://github.com/puppetlabs/puppetlabs-apt/blob/0871cadcdcbc5f0e6540298fa11e9a3ebe884735/README.md?plain=1#L70

kenyon commented 5 months ago

Also note that there is a bug in APT that causes it to fail if ASCII armored keys use Windows/DOS text format. You'll want to dos2unix the file first, if you find such a key. Reference: https://salsa.debian.org/apt-team/apt/-/merge_requests/309
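The two points in the comments above (the `.asc`/`.gpg` extension has to match the key's actual format, and armored keys with Windows/DOS line endings make APT fail) can be checked before a key file is deployed. This is an added example, not part of the original thread or the module's code; the function names, file names and sample bytes are constructed for illustration.

```python
import os

ARMOR_HEADER = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"

# Constructed samples: placeholder bytes, not real keys.
SAMPLE_ARMORED_CRLF = (
    b"-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n\r\n"
    b"Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=\r\n"
    b"-----END PGP PUBLIC KEY BLOCK-----\r\n"
)
# 0x99 is an old-format OpenPGP public-key packet tag; the rest is filler.
SAMPLE_BINARY = b"\x99\x01\x0d" + b"\x00" * 8


def classify_key(data: bytes) -> str:
    """Return 'armored' or 'binary' from the content, ignoring the file name."""
    return "armored" if data.lstrip().startswith(ARMOR_HEADER) else "binary"


def audit_keyring(filename: str, data: bytes):
    """Return (corrected_filename, normalized_bytes, findings) for a key file."""
    findings = []
    kind = classify_key(data)
    wanted_ext = ".asc" if kind == "armored" else ".gpg"
    stem, ext = os.path.splitext(filename)
    if ext != wanted_ext:
        findings.append(
            f"extension {ext or '(none)'} does not match {kind} content; use {wanted_ext}"
        )
    # Same effect as running dos2unix on the armored file.
    if kind == "armored" and b"\r\n" in data:
        findings.append("CRLF line endings found; converted to LF")
        data = data.replace(b"\r\n", b"\n")
    return stem + wanted_ext, data, findings


if __name__ == "__main__":
    samples = [
        ("vendor-archive-keyring.gpg", SAMPLE_ARMORED_CRLF),  # armored, wrong name
        ("vendor-archive-keyring.gpg", SAMPLE_BINARY),        # binary, correct name
    ]
    for name, blob in samples:
        fixed_name, fixed, notes = audit_keyring(name, blob)
        print(f"{name} -> {fixed_name}")
        for note in notes:
            print(f"  - {note}")
```

Binary content is never rewritten, so a `.gpg` key passes through byte for byte.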

daisukixci commented 5 months ago

Gotcha, sorry for the trouble and thanks for the quick answer!