Open anselmic opened 5 days ago
It'll be easier to troubleshoot this if you provide the puppet code you're using. Also, there is no need to censor the key IDs, those are not secret.
If the key is in binary format, it needs to be named with a .gpg extension. If it's ASCII-armored, it needs to be named with a .asc extension. Also, if it's ASCII-armored, it needs to have Unix line endings (that is, do dos2unix on it).
GM,
I am not sure it is a format problem, because the key had the .asc extension and I created it on Linux with
gpg --armor --export 3AA5C34371567BD2 > mykey.asc
However, I have changed my key from ASCII-armored to binary and it currently works. However, there are cases in which this is not possible. For example, I have the same problem with Wazuh. The key is ASCII-armored, but it does not have the .asc extension.
I am using the module with Foreman, the relevant conf is:
wazuh:
  source: https://packages.wazuh.com/key/GPG-KEY-WAZUH
  dir: "/usr/share/keyrings"
  filename: wazuh.gpg
Again, if I download the key with curl and import with gpg it works, but not with puppet. It would be preferable to have an internal control of the key format, if possible, or to pass the information with an option.
Thank you!
Update: the problem seems to be that if the original key is ASCII-armored, it is saved by puppet as ASCII independently of the keyring extension. So, if the latter is .gpg, it does not work because the system expects a binary file.
The filename you use with puppet has to match the content of the file, so that the resulting file on the filesystem has the correct name. Puppet doesn't care about the content of the file, it just writes to disk whatever it is given. It is apt that requires the correct filename: https://manpages.debian.org/unstable/apt/apt-key.8.en.html#SUPPORTED_KEYRING_FILES
So I don't think there is a bug here.
Indeed, https://packages.wazuh.com/key/GPG-KEY-WAZUH is ASCII-armored, so your code with wazuh.gpg is incorrect. You need to call it wazuh.asc.
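A pre-flight check for the name/content mismatch discussed in this thread, as an added example (not code from the puppet module or from any commenter). It classifies key bytes as ASCII-armored or binary OpenPGP and compares that with the target filename's extension; the function names are hypothetical and the sample byte strings are constructed, not real keys.

```python
import os

ARMOR_HEADER = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"


def detect_key_format(data: bytes) -> str:
    """Return 'asc' for ASCII-armored, 'gpg' for binary OpenPGP, else 'unknown'."""
    if data.lstrip().startswith(ARMOR_HEADER):
        return "asc"
    if data and data[0] & 0x80:  # bit 7 is set on every OpenPGP packet header
        first = data[0]
        # New-format packets carry the tag in bits 5-0, old-format in bits 5-2.
        tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
        if tag == 6:  # 6 = public-key packet, which starts an exported key
            return "gpg"
    return "unknown"


def check_keyring(filename: str, data: bytes) -> list:
    """Return a list of problems; an empty list means name and content agree."""
    problems = []
    fmt = detect_key_format(data)
    stem, ext = os.path.splitext(filename)
    if fmt == "unknown":
        problems.append("content is not a recognisable OpenPGP public key")
    elif ext.lstrip(".").lower() != fmt:
        problems.append(
            f"content is {fmt} but file is named {filename}; use {stem}.{fmt}")
    # The thread also asks for Unix line endings on armored keys.
    if fmt == "asc" and b"\r\n" in data:
        problems.append("armored key has CRLF line endings; convert to LF")
    return problems


# Constructed samples (not real keys): only the leading bytes matter here.
ARMORED = (ARMOR_HEADER + b"\n\nmQENBF...constructed...\n"
           b"-----END PGP PUBLIC KEY BLOCK-----\n")
BINARY = bytes([0x99, 0x01, 0x0D, 0x04]) + b"\x00" * 16

if __name__ == "__main__":
    samples = [("wazuh.gpg", ARMORED), ("wazuh.asc", ARMORED),
               ("mykey.gpg", BINARY),
               ("mykey.asc", ARMORED.replace(b"\n", b"\r\n"))]
    for name, blob in samples:
        print(name, check_keyring(name, blob) or "ok")
```

Running it against the downloaded key bytes before choosing the `filename` value shows which extension the content calls for.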
Describe the Bug
I'm using puppet to store a keyring to a file
Expected Behavior
The module creates a file, but it cannot be read by apt and apt-key
Steps to Reproduce
Steps to reproduce the behavior:
Environment