From: tiger-jmw <jmw@tiger-computing.co.uk>
Date: Wed, 5 Apr 2017 12:04:54 +0000 (+0100)
Subject: Ignore subkeys in apt-key's output
X-Git-Tag: 4.2.0~11^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=fea38ed46825dd1aecfd613074789c75deafb6b7;hp=30298508223bac5946acb2cd0c38e0899c574876;p=puppet-modules%2Fpuppetlabs-apt.git

Ignore subkeys in apt-key's output

The output of `apt-key adv --list-keys --with-colons --fingerprint --fixed-list-mode` is always a `pub` line followed by one of more `fpr` lines (for subkeys, if any). This can cause the wrong pairs of `pub` and `fpr` lines to be hashed, resulting in nonsense.

The ordering `pub`, `fpr`, `pub`, `fpr` is guaranteed by `apt-key`.

Therefore, this commit clears `fpr_line` when a `pub` line is encountered, to reset the grouping. The current code ignores subkeys anyway, so this is no more bad.
---

diff --git a/lib/puppet/provider/apt_key/apt_key.rb b/lib/puppet/provider/apt_key/apt_key.rb
index d7e85da..5895b31 100644
--- a/lib/puppet/provider/apt_key/apt_key.rb
+++ b/lib/puppet/provider/apt_key/apt_key.rb
@@ -31,6 +31,8 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
     key_array = key_output.split("\n").collect do |line|
       if line.start_with?('pub')
           pub_line = line
+          # reset fpr_line, to skip any previous subkeys which were collected
+          fpr_line = nil
       elsif line.start_with?('fpr')
           fpr_line = line
       end