Code Review / puppet-modules / puppetlabs-apt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 3029850)
Ignore subkeys in apt-key's output
authortiger-jmw <jmw@tiger-computing.co.uk>
Wed, 5 Apr 2017 12:04:54 +0000 (13:04 +0100)
committerGitHub <noreply@github.com>
Wed, 5 Apr 2017 12:04:54 +0000 (13:04 +0100)
The output of `apt-key adv --list-keys --with-colons --fingerprint --fixed-list-mode` is always a `pub` line followed by one of more `fpr` lines (for subkeys, if any). This can cause the wrong pairs of `pub` and `fpr` lines to be hashed, resulting in nonsense.

The ordering `pub`, `fpr`, `pub`, `fpr` is guaranteed by `apt-key`.

Therefore, this commit clears `fpr_line` when a `pub` line is encountered, to reset the grouping. The current code ignores subkeys anyway, so this is no more bad.

lib/puppet/provider/apt_key/apt_key.rb patch | blob | history

diff --git a/lib/puppet/provider/apt_key/apt_key.rb b/lib/puppet/provider/apt_key/apt_key.rb
index d7e85dafaf5a1e6ab762153f137394a49cc52d47..5895b3162d4ddf3d996e92518560b81731959462 100644 (file)
--- a/lib/puppet/provider/apt_key/apt_key.rb
+++ b/lib/puppet/provider/apt_key/apt_key.rb
@@ -31,6 +31,8 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
     key_array = key_output.split("\n").collect do |line|
       if line.start_with?('pub')
           pub_line = line
+          # reset fpr_line, to skip any previous subkeys which were collected
+          fpr_line = nil
       elsif line.start_with?('fpr')
           fpr_line = line
       end