+ # confirm that the fingerprint from the file, matches the long key that is in the manifest
+ if name.size == 40
+ if File.executable? command(:gpg)
+ extracted_key = execute(["#{command(:gpg)} --no-tty --with-fingerprint --with-colons #{file.path} | awk -F: '/^fpr:/ { print $10 }'"], failonfail: false)
+ extracted_key = extracted_key.chomp
+
+ found_match = false
+ extracted_key.each_line do |line|
+ if line.chomp == name
+ found_match = true
+ end
+ end
+ unless found_match
+ raise(_('The id in your manifest %{_resource} and the fingerprint from content/source don\'t match. Check for an error in the id and content/source is legitimate.') % { _resource: resource[:name] }) # rubocop:disable Metrics/LineLength
+ end
+ else
+ warning('/usr/bin/gpg cannot be found for verification of the id.')
+ end
+ end
+ file
+ end
+
+ # Update a key if it is expired
+ def update_expired_key
+ # Return without doing anything if refresh or expired is false
+ return unless resource[:refresh] == true && resource[:expired] == true
+
+ # Execute command to update key
+ command = []
+
+ unless resource[:source].nil? && resource[:content].nil?
+ raise(_('an unexpected condition occurred while trying to add the key: %{_resource}') % { _resource: resource[:id] })
+ end
+
+ # Breaking up the command like this is needed because it blows up
+ # if --recv-keys isn't the last argument.
+ command.push('adv', '--no-tty', '--keyserver', resource[:server])
+ unless resource[:options].nil?
+ command.push('--keyserver-options', resource[:options])
+ end
+ command.push('--recv-keys', resource[:id])