apt::source save some asc keys as charset=binary instead of charset=us-ascii

[beliys]

Describe the Bug

apt::source save some asc keys as charset=binary instead of charset=us-ascii. This breaks normal interaction with the repository

Expected Behavior

correct charset

Steps to Reproduce

Steps to reproduce the behavior:

1. Check timescaledb key manual:

   
   # wget -q https://packagecloud.io/timescale/timescaledb/gpgkey
   # file -bi gpgkey
   gpgkey: application/pgp-keys; charset=us-ascii
   # cat gpgkey
   -----BEGIN PGP PUBLIC KEY BLOCK-----
   Version: GnuPG v1.4.11 (GNU/Linux)

mQINBFvJLPUBEADRmOvZZY3ssucB5y3oeD5Kg6IdgXxKVGuPXtUAUAG54zS76R3B qX6X+/Xyfb+czaInO5eo64gxk+02QL8Kscmzn3wgGUrXdrAQSECfBmT9gCpawi8c U9Frp8UufJetLZoiklEwl4HIM5tewwcWye5Y6yNZQPFRReClbkh0AsBQxpPHZkfM CpzAro4STmNNzXvYEIdJod1XuJ/gs9LwL6sDtD5SDiHWZOxk2C1tTg1w4lVsdGnm BH4Pf3Op/Or98SLJe8RQ2PfqR/d69SyG277Pl8Gw61jVvwa0PoYLdHzAyf3XPgYp nKaG6UbWmF5/bCJznMczz6f12EO+gDUkxNlw9t7fl0pkYduwOf2vdVCHQuMJ9dq4 2CufDcr/fMYsKDI33pSDrGbwT0pTCe4ivgvbfHxAWcXBKR9laPRxfvgumNS5kpuX MDEDaJD0yxS9RL76PSh9+EEwk9cNkLZ721kZHH2h10h1b158njPcYCpGcDVHDFU2 1sSdHART/vV7BB4aK2u6XK/+1vM2OezRAZ7a4C6lVqmBonLC5/AhmQYCNACWC0qR b900Ru3MJllvUmuN2iqcUcdr7T9MSUriaNSgC3uOeEOQ9qiNdao8+ShzCTH7hqnC LTaNWnbCbbli4ag1J6zMdrU64p/A3rfh33IGMHtm3AXZdu12HInEjYb9gQARAQAB tHJodHRwczovL3BhY2thZ2VjbG91ZC5pby90aW1lc2NhbGUvdGltZXNjYWxlZGIg KGh0dHBzOi8vcGFja2FnZWNsb3VkLmlvL2RvY3MjZ3BnX3NpZ25pbmcpIDxzdXBw b3J0QHBhY2thZ2VjbG91ZC5pbz6JAjgEEwECACIFAlvJLPUCGy8GCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAAoJEFnxjt9H8kQXKgQP/1d7MOFCy7FpB0QYSPE6fN/z XQg9IX4XVw3iZxiKfXySdMyq9tkypVlw6VmhfsWMjmckmEbuQzVlmAiW+BkMcvRp dDS/XLUyGTfi/mwUl/YdJ1A/HP6DcEuVgm22U8BwJhdMTmnvl7ISdO59UQd827yk LC27xD3Y8qgJ2mtF0IYNoPiX5uwYI/HgFq9SfOIwdb74JmE+gUrzDJtEyTQ+3uV1 rgJkx2e1UCLWcrbggviRxCSHPSslGRCM9216ngZtqozTcdmmalsd9FP8GU3sQloL c5XbjWoguFqx3hCVcjucf43Aiu43EUNHIRmpSkTdjwdrD+W8TQEMTqP2yIvVoDr8 MJQpID4B8c4qOwX+rLeDMB4PjnzFTA3VUIxvHYzD6ikPdXOB65auxaDsga1zlNa/ 0u3WnH9rD0emcJUMTvo0CG8PtzzhFRO2NWy/buGFfcSZOMpEDs65E1u1x6hw1ija vGWP/pF0PA7RQJnPJy95HtdlZD+VnK2x33CBaT1Q55QhyDicoUCzoPzxO/j91cSs nXaYsQe3GsqlRY4pv9kjGANxP3YtrgZbuKfz1W5MhiuVaERvJfCgadGK5zqtXsHp jSPCTlJl6Q0GMmQPv8vV12JUsaXKymboqGQwVCX/30D8QHws9GT31j8IogPax3JP CWxM1fPFakGGynUXPzsouQINBFvJLPUBEADeVNpr5uBMF2PpWvIOHyhNJMcRrNP1 S2t4ZBVFQJJ+ur9PYxnOMY1XFL3RSqHMxWvAMGL5z1+EAIvIG9Pcr/q8VbBmZFUa 2rj+vnNXaNfSftSINTe3S6o34DjgRzzMfp6d21WCNYWKPd5lpRcYvh0cIXlSAA8c LGvugMzd/aT729K3SNXZIX6eTN1aC1crcI1po9MxDf7zy7oB/0plvc/dyP63wJfS 21hz1z+QHiC/6fuxxuCC0YunS4fc45tVdmVBDCMqsGQtvghH4tkj6zDHOWteAuCi scEBrr49rdejifscTn7iuyq1KAFsVH9+gmsXfmk5wUF4n2/PJCOGz/ZJuI4LaJwf +kv6057JB1NY2SWdoZG/NL5dslgytZph++XhqZbdE8rlBtUhqgs2Gq9SDYYhQuTr sGDtCYze3RUa4bW39SwAOS2wBNjA6X+tUG8QaDrEvk/33d+75/FRO1YSo+9Fkd3d ik1onUbNq23/vPgeajrIWDE0V7mfU1+ef/fpHUdUXgynuTdqO/acqtDMpNjeLaCf Z4nOVIGFA9u5PePvvZXfexC0rap7g3Z3Hx4g9dIqV6bJpwgSqKtkSyHZASlcT2ou 4jNmCGRpRACsU1FYwbJNtzY7+a3GVKxnzVtIYb17ues9tG0XRQlgo/tSwTGabSLB /QEhpgTCTej58wARAQABiQQ+BBgBAgAJBQJbySz1AhsuAikJEFnxjt9H8kQXwV0g BBkBAgAGBQJbySz1AAoJEOc5HJQIBCn/3D0QAM7anXRX/IZ8BWrSJatVsRoi7k4U OzsFKkx4z0lZHuyXmIhl9/8C7eOhjefeVhM+wy/1Fp7Cqn1FyUNDPLJ1wY3HWneE 3sAoca8A8+Pi1rneifFMfZ+pfR/Jrqo4Tww1ytM1ZFdpIHG83IXUCWnFLS0tpbIe LOt+jCDNHZMw16iWDEVhfMP5XXKBUSsZQAAhPrr+eiQnf39jPAYRMLzoOZ+p5wCV W+u6xKfTeQ32n/bp6+xWtcppnCGjHy/TXVb8ZWAvDgDDaflpLQUlMFbw2OWtb5gk wivtLY4npY2R5faK+uIUW7lrVFyW4VxhqtMj5DBn7h+CCg5sCnSe/eS2/uBCYv5a mzRDGDuPbC9pUOp/q1CqR0pF3VwDtmluywuvE1OPdttuBgVtEKUJlgM5GXkB4AJ7 myU9buQs2oQd2LIH7x06q+PYCtUd3vBQNJ5vvRYoEbJ0p+MKhz5SAnzeXRTMAhat L+uV2CIyMtxhedv89xDq4bHB+yZVH6p6nmvfIcFv6iSyLz5IWF1FcOXu42/RU2zc X+SY/Qc+XW12VqzNgqHJ/ldFoeyXcizlJoFXnfculy3c4+nrHvFnYbux+OpiiZ54 y98P8QB89IU6gi34RINcf997kOvxByt3Rxa5ErboCy5Wb9NwK5aKrUzvvASYPck/ iagKbXUUdshP9T8mQRoQAIfcHfhrAEJ6vED+fg0opUTS1DMW8waaUI7Q3X+JX3hX mhIJKNNQ6zFgoYHeqo72m6QvGDcAPPNuwaw+iccioZFZ6W7EftXA0XxqETQ6ha94 HWpRbz/fubQB3LnhbBxI0WYHly4MnjAtf/sLgbrKa1XgGygWXvcz2Ho9TSAzcgdA vRZCNI1nahQtGmmGnrer6UR8lSN7ko1U7BJk3HU3BKGeIUdrXbt056HNEN+RsnaB g5hAeKtrH+0HV4VEKpWFzBbU/pxue1B0DYw/EiwgR/qbMD5p6uZSzTJPQLDLIAHj Cke2CPugug//Iek6gcKDos6MN/sLMThwp2jvfYYhP9CEN1QGTqBFLhCRPRPRc5bN nv3z8jFBLzgn+4xt6yUwbI+/+OSQIA4QzhWwb7HpncSS9uHeUWrPn3Ji1lvqitZ4 FD9nQg8y+sDPGeaufjNSmjrkMAaG+zVUXlrNHmasxqoed1sD/+cy5jRAq3KinsNn CElDwLxTzOqyNBGlm9DvbxkQzgxzEwhNZu4NEZrfWa1d5fJgeJvguNg0YiV+KNsL b7IwsaWl08ddUWcq5OO2oi9R2re+KRc51v2L1KAkZdkliWuDTTnQulDtXc9DNA24 u1Ra8tSRkF7oOuVju59ItChbqEmwBRYLHWz3HjHa+kGaNwTtNk17AFneWzAjlKvy =8+gQ -----END PGP PUBLIC KEY BLOCK-----

2. Use key with `apt::source`

apt::source { 'timescaledb':
  ensure   => 'presen',
  location => 'https://packagecloud.io/timescale/timescaledb/debian/',
  release  => "${facts['os']['distro']['codename']}",
  repos    => 'main',
  pin      => '1001',
  key      => {
    name   => 'timescaledb.asc',
    source => 'https://packagecloud.io/timescale/timescaledb/gpgkey',
  },
  notify     => Class['apt::update']
}

}

3. Check puppet managed key

file -bi /etc/apt/keyrings/timescaledb.asc

application/gzip; charset=binary

cat /etc/apt/keyrings/timescaledb.asc

�)�9����?�!�5�~�'��b���j������]�=c�xb��D��X�� )�S2���)ܟ��a���{�/�/�����# ��W����� 7��▒ ��$l��A(��̞D>x1Xu�� �4��f�3�g%yK�/�\��.]qSr6Tx��L���j�i�ش�pv����V�g��[�h�ץm�bVֺ&S��R��a�s��0���%W�w�VZ;5b�7w�F���"��|b��������%����BS���m!f9�PN��-!$iv�t��?��e����s�hhV� �D"�4�EJ9���y�F�X�^{�Iodٽ�6���S"G�s���*��▒�p{�g ���#�ⱙ�L0����g�A�p��{+� T�����~���}M.W�Qi)_L���ۦ�Ĵ�����p�v�C@�>Q��}9������4gKgF��$��,#5���Ʃ�kf7I�˼�!�:���.t�$�b�� � ��l)�z�;��]wx�n ͜yY��.�;��$�Sq��)��Eύ�'#:�ù2Y�hnbCʥi�I�ģ��GĠKY��"��֣L▒�;��� |���,�f,�6��l��3▒����1�S��c�қ~%�e�Q��w�R�š񍂫�%��R��e��4ԑI�7A�!�5E�V��CC�#B�o��C�▒S����٤�ד�� ��������C�̷��!p ��L���㤛���U�S���S�j��iL��L��V�0̨ �p}7Z�Z+|W� �9�D�&ʼn}Y�c Di@Z��X��hͻ o'�����{������\��gm/����]�4ȶzv���j�-�e���AQ�� $�� ��Q��ֹ���ё��pڳr !��8��x4��JE�M|)�1�M��g�@r%δS~�3OIL�����W7�v-�}▒X����8-Ȗ���ƾ8G6���lN��▒�x������O�5�E��<t��Q2<L��X��|�5�g�=+1�iv <CV�~rZ7����Z���&r+�?� ����c� �?.Z��,f~�Gt���됣�'����K��~%�Z%�� �v4▒dz�_E����㋓(s{�Z�?��P�Kb�9�G�~%p�የO��&�!&4�/�!mKL��qy˻����(ʱ� [8n�7�d��=��\�KÙ�C�D�U��:wv�M�~%ƸL4ږN�w������'�}�%W%��Ɵy Wy��ɹ���K�{�<�Ç�[��}��8K��s!��xʒϕ�\�R�X�Ʌ�&�������t^h>������1-���"bN��|��6T=�Äٰ��EKU�}���▒>z�����,�Wp0���

�~];ǽ�}p�2����{��9}^%k;�Zƶ�K<��▒��ٹX3�]�^��۔k�d��3�f�՗i��װ�[��Dl@ S�>����Z��%���I��q�|�%���|��{��▒�z��\���ݼz�VD�u(E��� �J��EO��^��J;'�q��5��O�7O���_���P4I�=p8rF��́����K�A�ì���(/�|�/=▒,J��d/���v7�?P��OƷ��bl���$2􎛅yqX�Z����▒�/��se��T��ʙ�[��r�8]�"���${�n�1:S�؞�T�������0�+�I�ж�j�6�t�$u4�,��*�s�/N���6�e�,[�LŨ������L��L����X��;P����)����j),7@(��▒�L��!%��q�d�W{l���ϳ���W���J��őŧ�e��:x�,N$7�x{oj*|F� ��+3f �P����P4���18�6�.���� ߛ�b>)�D�J�q� j�k�R���~9ސc���懠��������5�▒�6�,▒k(Q�k2��k����O�p'�w�� �����+�O�n�,����D~͐�U P:�l�4 �ͱi6Lb�e�w� N�,x���K�n�=y��� �n��;����7����@� �U�� s���D�?�����������l�o��S�Jǥ�e1F%�����d��h刦���"fЌ���у� ?;▒�T}M����a�mWg�d4p�N�������苟�Tf�;�eb"��(�L<�ƹ�W�O�d{ȓ!�D���a#��▒�,�P��cq�Y�t�(�C��ݍf▒8,�!Q�_�gj�▒ǀ��L�b)Z���A1[1�����s\콡����܍)m�o<y/�s��Y MR������6i��-{�▒����^▒A%���5N����Pg�x i�!��h}��oð�G��H.��Dz�:$>cL�����,k�X����-d^�5 �E� �r0���{j��6�){)� ��/��ЪU��Nఒ���A��v�ɪ�;� ��ڤ����Ϧ:� ��HVmQ�CٷT(^����� � vm�흩B�DZ��:8SR���q�].�1Tm�-�����np�M�H��k8�wiu&�����n1�>Y�y,rx�!0�������Vc8��O�r��|��4�Wk=�gm�;�R ���Z�Ϯ▒�+j|�m�▒��ʹ&A���� �^��*�f�����K�1_xO����M�^�싏NHh�ʆ�T����c�qU��xMa�/��{�W�-Qeo~\ ��]w�sB�G�c���$wfE��l�73<5��@�+��S �7V�/�,▒�����V6���>�4m

## Environment
 - puppet version - v8.5.1
 - module version - v9.4.0
 - Platform - Debian 11 (bullseye)

[smortex]

This is not an apt-module issue, the key is just a wrapper around a file resource. I can reproduce the problem with Puppet 8.5.1:

file { '/tmp/timescaledb.asc':
  source => 'https://packagecloud.io/timescale/timescaledb/gpgkey',
}

After running this, /tmp/timescaledb.asc is the gzip compressed response from the server that Puppet should have decompressed. gunziping it result in the expected ASCII key.

What version of Puppet are you using (9.4.0 in your report does not exist)?

[beliys]

Thanks, good job. Puppet version - 8.5.1.

[smortex]

@beliys thanks! This is a puppet bug, so I opened https://github.com/puppetlabs/puppet/issues/9309 to track it at the source. I think we can close this issue as there is nothing more we can do at this level.

Thanks!