---
module: rpm_key
author:
  - Hector Acosta (@hacosta)
short_description: Adds or removes a gpg key from the rpm db
description:
  - Adds or removes (rpm --import) a gpg key to your rpm database.
version_added: "1.3"
options:
    key:
      description:
        - Key that will be modified. Can be a url, a file on the managed node, or a keyid if the key
          already exists in the database.
      type: str
      required: true
    state:
      description:
        - If the key will be imported or removed from the rpm db.
      type: str
      default: present
      choices: [ absent, present ]
    validate_certs:
      description:
        - If C(false) and the C(key) is a url starting with https, SSL certificates will not be validated.
        - This should only be used on personally controlled sites using self-signed certificates.
      type: bool
      default: 'yes'
    fingerprint:
      description:
        - The long-form fingerprint of the key being imported.
        - This will be used to verify the specified key.
      type: str
      version_added: 2.9
extends_documentation_fragment:
    - action_common_attributes
attributes:
    check_mode:
        support: full
    diff_mode:
        support: none
    platform:
        platforms: rhel

- name: Import a key from a url
  ansible.builtin.rpm_key:
    state: present
    key: http://apt.sw.be/RPM-GPG-KEY.dag.txt

- name: Import a key from a file
  ansible.builtin.rpm_key:
    state: present
    key: /path/to/key.gpg

- name: Ensure a key is not present in the db
  ansible.builtin.rpm_key:
    state: absent
    key: DEADB33F

- name: Verify the key, using a fingerprint, before import
  ansible.builtin.rpm_key:
    key: /path/to/RPM-GPG-KEY.dag.txt
    fingerprint: EBC6 E12C 62B1 C734 026B 2122 A20E 5214 6B8D 79E6