mirror of https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Suggest full fingerprint for apt_key. (#44697)
* Suggest full fingerprint for apt_key.

  Background: https://gwolf.org/node/4070 (Gunnar Wolf: Stop it with those short PGP key IDs!)

  I've put the full fingerprint into the examples.

* avoids the phrase 'best practice'
parent 4ec317ceca
commit 5adcaf4538
1 changed files with 7 additions and 5 deletions
|
@ -25,7 +25,9 @@ description:
|
||||||
notes:
|
notes:
|
||||||
- Doesn't download the key unless it really needs it.
|
- Doesn't download the key unless it really needs it.
|
||||||
- As a sanity check, downloaded key id must match the one specified.
|
- As a sanity check, downloaded key id must match the one specified.
|
||||||
- Best practice is to specify the key id and the URL.
|
- "Use full fingerprint (40 characters) key ids to avoid key collisions.
|
||||||
|
To generate a full-fingerprint imported key: C(apt-key adv --list-public-keys --with-fingerprint --with-colons)."
|
||||||
|
- If you specify both the key id and the URL with C(state=present), the task can verify or add the key as needed.
|
||||||
- Adding a new key requires an apt cache update (e.g. using the apt module's update_cache option)
|
- Adding a new key requires an apt cache update (e.g. using the apt module's update_cache option)
|
||||||
options:
|
options:
|
||||||
id:
|
id:
|
||||||
|
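Review bot: the added sentence "To generate a full-fingerprint imported key" in the notes misdescribes the command that follows it. `apt-key adv --list-public-keys --with-fingerprint --with-colons` lists the fingerprints of keys that are already in the apt keyring; it does not generate or import anything. Suggest wording such as "To list the full fingerprints of keys already imported: C(...)", and adding that the value placed in C(id) should be compared against a fingerprint published by the key owner, since a fingerprint read back from the local keyring only confirms what is already trusted there.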
@ -77,13 +79,13 @@ EXAMPLES = '''
|
||||||
|
|
||||||
- name: Add an Apt signing key, will not download if present
|
- name: Add an Apt signing key, will not download if present
|
||||||
apt_key:
|
apt_key:
|
||||||
id: 473041FA
|
id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
|
||||||
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
|
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Remove a Apt specific signing key, leading 0x is valid
|
- name: Remove a Apt specific signing key, leading 0x is valid
|
||||||
apt_key:
|
apt_key:
|
||||||
id: 0x473041FA
|
id: 0x9FED2BCBDCD29CDF762678CBAED4B06F473041FA
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
|
# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
|
||||||
|
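Review bot: the examples in this hunk now pass 40-character values to C(id), but the commit changes documentation only (7 additions and 5 deletions, all in the notes and EXAMPLES), so nothing here shows that the module compares the full fingerprint rather than a shortened form of it. Please confirm, ideally with a test, that `id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA` and the `0x`-prefixed form in the removal example are matched on all 40 characters; otherwise the note "downloaded key id must match the one specified" gives no more collision resistance than the old `473041FA`.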
@ -94,13 +96,13 @@ EXAMPLES = '''
|
||||||
|
|
||||||
- name: Add an Apt signing key to a specific keyring file
|
- name: Add an Apt signing key to a specific keyring file
|
||||||
apt_key:
|
apt_key:
|
||||||
id: 473041FA
|
id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
|
||||||
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
|
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
|
||||||
keyring: /etc/apt/trusted.gpg.d/debian.gpg
|
keyring: /etc/apt/trusted.gpg.d/debian.gpg
|
||||||
|
|
||||||
- name: Add Apt signing key on remote server to keyring
|
- name: Add Apt signing key on remote server to keyring
|
||||||
apt_key:
|
apt_key:
|
||||||
id: 473041FA
|
id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
|
||||||
file: /tmp/apt.gpg
|
file: /tmp/apt.gpg
|
||||||
state: present
|
state: present
|
||||||
'''
|
'''
|
||||||
|
|
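Review bot: the last example in this hunk takes the key from `file: /tmp/apt.gpg`, while the notes describe the id check only for a downloaded key ("As a sanity check, downloaded key id must match the one specified"), which leaves it undocumented whether the 40-character C(id) is verified when the key comes from C(file). Suggest stating in the notes whether the check also applies to keys loaded with C(file), so readers know what the full fingerprint protects in that example.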