summary |
shortlog |
log |
commit | commitdiff |
review |
tree
raw |
patch |
inline | side by side (from parent 1:
7c48eb2)
If one should happen to have redirected /usr/bin/gpg to run GnuPG 2.x
rather than the more usual GnuPG 1.x, the apt_key provider fails with
the following error:
Could not prefetch apt_key provider 'apt_key': invalid date
This is because the output of "--with-colons" defaults to using
"fixed-list-mode" in 2.x but did not do so for 1.x. This new format
gives much more information about keys and also uses timestamps in
seconds from 1970-01-01 (UNIX epoch) rather than dates in the format
YYYY-MM-DD.
This patch adds "--fixed-list-mode" when calling apt-key, and adjusts
the code to parse the timestamps instead. This actually has several
advantages:
- Works the same with GnuPG 1.x and 2.x.
- More accurate expiry time tracking, not just entire days.
- No need to require 'date' any longer.
- Will allow the provider to expose more key information in future.
Tested on:
- Debian Wheezy (Puppet 2.7.23, Ruby 1.8.7p358)
- Debian Jessie (Puppet 3.7.2, Ruby 2.1.5p273)
require 'open-uri'
require 'net/ftp'
require 'tempfile'
require 'open-uri'
require 'net/ftp'
require 'tempfile'
commands :gpg => '/usr/bin/gpg'
def self.instances
commands :gpg => '/usr/bin/gpg'
def self.instances
- cli_args = ['adv','--list-keys', '--with-colons', '--fingerprint']
+ cli_args = ['adv','--list-keys', '--with-colons', '--fingerprint', '--fixed-list-mode']
if RUBY_VERSION > '1.8.7'
key_output = apt_key(cli_args).encode('UTF-8', 'binary', :invalid => :replace, :undef => :replace, :replace => '')
if RUBY_VERSION > '1.8.7'
key_output = apt_key(cli_args).encode('UTF-8', 'binary', :invalid => :replace, :undef => :replace, :replace => '')
expired = false
if line_hash[:key_expiry]
expired = false
if line_hash[:key_expiry]
- expired = Date.today > Date.parse(line_hash[:key_expiry])
+ expired = Time.now >= line_hash[:key_expiry]
:long => line_hash[:key_long],
:ensure => :present,
:expired => expired,
:long => line_hash[:key_long],
:ensure => :present,
:expired => expired,
- :expiry => line_hash[:key_expiry],
+ :expiry => line_hash[:key_expiry].nil? ? nil : line_hash[:key_expiry].strftime("%Y-%m-%d"),
:size => line_hash[:key_size],
:type => line_hash[:key_type],
:size => line_hash[:key_size],
:type => line_hash[:key_type],
- :created => line_hash[:key_created]
+ :created => line_hash[:key_created].strftime("%Y-%m-%d")
:key_short => fingerprint[-8..-1], # last 8 characters of fingerprint
:key_size => pub_split[2],
:key_type => nil,
:key_short => fingerprint[-8..-1], # last 8 characters of fingerprint
:key_size => pub_split[2],
:key_type => nil,
- :key_created => pub_split[5],
- :key_expiry => pub_split[6].empty? ? nil : pub_split[6],
+ :key_created => Time.at(pub_split[5].to_i),
+ :key_expiry => pub_split[6].empty? ? nil : Time.at(pub_split[6].to_i),
}
# set key type based on types defined in /usr/share/doc/gnupg/DETAILS.gz
}
# set key type based on types defined in /usr/share/doc/gnupg/DETAILS.gz