1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Suggest full fingerprint for apt_key. (#44697)

* Suggest full fingerprint for apt_key.
Background: https://gwolf.org/node/4070 (Gunnar Wolf: Stop it with those short PGP key IDs!)
I've put the full fingerprint into the examples.
* avoids the phrase 'best practice'
This commit is contained in:
julianladisch 2018-09-14 21:50:46 +02:00 committed by Alicia Cozine
parent 4ec317ceca
commit 5adcaf4538

View file

@ -25,7 +25,9 @@ description:
notes: notes:
- Doesn't download the key unless it really needs it. - Doesn't download the key unless it really needs it.
- As a sanity check, downloaded key id must match the one specified. - As a sanity check, downloaded key id must match the one specified.
- Best practice is to specify the key id and the URL. - "Use full fingerprint (40 characters) key ids to avoid key collisions.
To generate a full-fingerprint imported key: C(apt-key adv --list-public-keys --with-fingerprint --with-colons)."
- If you specify both the key id and the URL with C(state=present), the task can verify or add the key as needed.
- Adding a new key requires an apt cache update (e.g. using the apt module's update_cache option) - Adding a new key requires an apt cache update (e.g. using the apt module's update_cache option)
options: options:
id: id:
@ -77,13 +79,13 @@ EXAMPLES = '''
- name: Add an Apt signing key, will not download if present - name: Add an Apt signing key, will not download if present
apt_key: apt_key:
id: 473041FA id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
state: present state: present
- name: Remove a Apt specific signing key, leading 0x is valid - name: Remove a Apt specific signing key, leading 0x is valid
apt_key: apt_key:
id: 0x473041FA id: 0x9FED2BCBDCD29CDF762678CBAED4B06F473041FA
state: absent state: absent
# Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type. # Use armored file since utf-8 string is expected. Must be of "PGP PUBLIC KEY BLOCK" type.
@ -94,13 +96,13 @@ EXAMPLES = '''
- name: Add an Apt signing key to a specific keyring file - name: Add an Apt signing key to a specific keyring file
apt_key: apt_key:
id: 473041FA id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
url: https://ftp-master.debian.org/keys/archive-key-6.0.asc url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
keyring: /etc/apt/trusted.gpg.d/debian.gpg keyring: /etc/apt/trusted.gpg.d/debian.gpg
- name: Add Apt signing key on remote server to keyring - name: Add Apt signing key on remote server to keyring
apt_key: apt_key:
id: 473041FA id: 9FED2BCBDCD29CDF762678CBAED4B06F473041FA
file: /tmp/apt.gpg file: /tmp/apt.gpg
state: present state: present
''' '''