X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=lib%2Fpuppet%2Fprovider%2Fapt_key%2Fapt_key.rb;h=56f9a072e518b25c83f06c4a5c846dc7492dbbfe;hb=49fda9c00394544b509cbea813d3907934b4a64c;hp=5a66e34dce9e22e60edd730312f12fc1e3e4d675;hpb=9f2fd0cb6d191e7883a140fb160d8fefaa685a66;p=puppet-modules%2Fpuppetlabs-apt.git

diff --git a/lib/puppet/provider/apt_key/apt_key.rb b/lib/puppet/provider/apt_key/apt_key.rb
index 5a66e34..56f9a07 100644
--- a/lib/puppet/provider/apt_key/apt_key.rb
+++ b/lib/puppet/provider/apt_key/apt_key.rb
@@ -1,15 +1,9 @@
+# frozen_string_literal: true
+
 require 'open-uri'
 require 'net/ftp'
 require 'tempfile'
 
-if RUBY_VERSION == '1.8.7'
-  # Mothers cry, puppies die and Ruby 1.8.7's open-uri needs to be
-  # monkeypatched to support passing in :ftp_passive_mode.
-  require File.expand_path(File.join(File.dirname(__FILE__), '..', '..', '..',
-                                     'puppet_x', 'apt_key', 'patch_openuri.rb'))
-  OpenURI::Options[:ftp_active_mode] = false
-end
-
 Puppet::Type.type(:apt_key).provide(:apt_key) do
   desc 'apt-key provider for apt_key resource'
 
@@ -19,7 +13,7 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
   commands   gpg: '/usr/bin/gpg'
 
   def self.instances
-    cli_args = ['adv', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode']
+    cli_args = ['adv', '--no-tty', '--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode']
 
     key_output = apt_key(cli_args).encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '')
 
@@ -134,7 +128,11 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
         # Only send basic auth if URL contains userinfo
         # Some webservers (e.g. Amazon S3) return code 400 if empty basic auth is sent
         if parsed_value.userinfo.nil?
-          key = parsed_value.read
+          key = if parsed_value.scheme == 'https' && resource[:weak_ssl] == true
+                  open(parsed_value, ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE).read
+                else
+                  parsed_value.read
+                end
         else
           user_pass = parsed_value.userinfo.split(':')
           parsed_value.userinfo = ''
@@ -160,7 +158,7 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
     # confirm that the fingerprint from the file, matches the long key that is in the manifest
     if name.size == 40
       if File.executable? command(:gpg)
-        extracted_key = execute(["#{command(:gpg)} --with-fingerprint --with-colons #{file.path} | awk -F: '/^fpr:/ { print $10 }'"], failonfail: false)
+        extracted_key = execute(["#{command(:gpg)} --no-tty --with-fingerprint --with-colons #{file.path} | awk -F: '/^fpr:/ { print $10 }'"], failonfail: false)
         extracted_key = extracted_key.chomp
 
         found_match = false
@@ -170,7 +168,7 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
           end
         end
         unless found_match
-          raise(_('The id in your manifest %{_resource} and the fingerprint from content/source don\'t match. Check for an error in the id and content/source is legitimate.') % { _resource: resource[:name] }) # rubocop:disable Metrics/LineLength
+          raise(_('The id in your manifest %{_resource} and the fingerprint from content/source don\'t match. Check for an error in the id and content/source is legitimate.') % { _resource: resource[:name] }) # rubocop:disable Layout/LineLength
         end
       else
         warning('/usr/bin/gpg cannot be found for verification of the id.')
@@ -179,29 +177,7 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
     file
   end
 
-  # Update a key if it is expired
-  def update_expired_key
-    # Return without doing anything if refresh or expired is false
-    return unless resource[:refresh] == true && resource[:expired] == true
-
-    # Execute command to update key
-    command = []
-
-    unless resource[:source].nil? && resource[:content].nil?
-      raise(_('an unexpected condition occurred while trying to add the key: %{_resource}') % { _resource: resource[:id] })
-    end
-
-    # Breaking up the command like this is needed because it blows up
-    # if --recv-keys isn't the last argument.
-    command.push('adv', '--keyserver', resource[:server])
-    unless resource[:options].nil?
-      command.push('--keyserver-options', resource[:options])
-    end
-    command.push('--recv-keys', resource[:id])
-  end
-
   def exists?
-    update_expired_key
     # report expired keys as non-existing when refresh => true
     @property_hash[:ensure] == :present && !(resource[:refresh] && @property_hash[:expired])
   end
@@ -211,7 +187,7 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
     if resource[:source].nil? && resource[:content].nil?
       # Breaking up the command like this is needed because it blows up
       # if --recv-keys isn't the last argument.
-      command.push('adv', '--keyserver', resource[:server])
+      command.push('adv', '--no-tty', '--keyserver', resource[:server])
       unless resource[:options].nil?
         command.push('--keyserver-options', resource[:options])
       end
@@ -245,12 +221,6 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
 
   mk_resource_methods
 
-  # Needed until PUP-1470 is fixed and we can drop support for Puppet versions
-  # before that.
-  def expired
-    @property_hash[:expired]
-  end
-
   # Alias the setters of read-only properties
   # to the read_only function.
   alias_method :created=, :read_only