Vh +ddlmZmZmZeZdZdZdZddl Z ddl Z ddl m Z ddlmZddlmZGd d eZd Zed k(reyy) )absolute_importdivisionprint_functiona' module: pacman_key author: - George Rawlinson (@grawlinson) version_added: "3.2.0" short_description: Manage pacman's list of trusted keys description: - Add or remove gpg keys from the pacman keyring. notes: - Use full-length key ID (40 characters). - Keys will be verified when using O(data), O(file), or O(url) unless O(verify) is overridden. - Keys will be locally signed after being imported into the keyring. - If the key ID exists in the keyring, the key will not be added unless O(force_update) is specified. - O(data), O(file), O(url), and O(keyserver) are mutually exclusive. requirements: - gpg - pacman-key extends_documentation_fragment: - community.general.attributes attributes: check_mode: support: full diff_mode: support: none options: id: description: - The 40 character identifier of the key. - Including this allows check mode to correctly report the changed state. - Do not specify a subkey ID, instead specify the primary key ID. required: true type: str data: description: - The keyfile contents to add to the keyring. - Must be of C(PGP PUBLIC KEY BLOCK) type. type: str file: description: - The path to a keyfile on the remote server to add to the keyring. - Remote file must be of C(PGP PUBLIC KEY BLOCK) type. type: path url: description: - The URL to retrieve keyfile from. - Remote file must be of C(PGP PUBLIC KEY BLOCK) type. type: str keyserver: description: - The keyserver used to retrieve key from. type: str verify: description: - Whether or not to verify the keyfile's key ID against specified key ID. type: bool default: true force_update: description: - This forces the key to be updated if it already exists in the keyring. type: bool default: false keyring: description: - The full path to the keyring folder on the remote server. - If not specified, module will use pacman's default (V(/etc/pacman.d/gnupg)). - Useful if the remote system requires an alternative gnupg directory. type: path default: /etc/pacman.d/gnupg state: description: - Ensures that the key is present (added) or absent (revoked). default: present choices: [absent, present] type: str a - name: Import a key via local file community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 data: "{{ lookup('file', 'keyfile.asc') }}" state: present - name: Import a key via remote file community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 file: /tmp/keyfile.asc state: present - name: Import a key via url community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 url: https://domain.tld/keys/keyfile.asc state: present - name: Import a key via keyserver community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 keyserver: keyserver.domain.tld - name: Import a key into an alternative keyring community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 file: /tmp/keyfile.asc keyring: /etc/pacman.d/gnupg-alternative - name: Remove a key from the keyring community.general.pacman_key: id: 01234567890ABCDE01234567890ABCDE12345678 state: absent z # N) AnsibleModule) fetch_url) to_nativecNeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z y ) PacmanKeyc||_|jdd|_|jdd|_|jd}|jd}|jd}|jd}|jd }|jd }|jd }|jd } |jd } d|_|j |}|j| |} |jrN| dk(r| xr|xs| } |j| n+| dk(r&| r|jd|jd| dk(r| r|s|jd|r8|j|}|j| ||||jdy|r'|j| ||||jdy|rI|j|}|j|}|j| ||||jdy|r&|j| |||jdyy| dk(r9| r$|j| ||jd|jdyy)NgpgT)requiredz pacman-keyidurldatafile keyserververify force_updatekeyringstate(present)changedabsentF)module get_bin_pathr pacman_keyparams keylengthsanitise_keyidkey_in_keyring check_mode exit_jsonsave_keyadd_key fetch_keyrecv_key remove_key) selfrkeyidrrrrrrrr key_presentrs p/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/pacman_key.py__init__zPacmanKey.__init__si &&ut&< --lT-J d#mmE"}}V$}}V$MM+. x(}}^4 -- * g&##E*))'59     !&7<K O   1("$$T$2   / I <   /}}T* WdE6:   . WdE6:   .~~c*}}T* WdE6:   . gui8   .h /   .   U  + c< t|dy#t$rYywxYw)z,Check if a given string is valid hexadecimalFT)int ValueError)r)strings r,is_hexadecimalzPacmanKey.is_hexadecimals)  O  s  cP|jjjddjdd}t||jk7r|j j d|z|j|s|j j d|z|S)zoSanitise given key ID. Strips whitespace, uppercases all characters, and strips leading `0X`.  0Xzkey ID is not full-length: %smsgzkey ID is not hexadecimal: %s)stripupperreplacelenrr fail_jsonr4)r)r*sanitised_keyids r,r zPacmanKey.sanitise_keyids  ++---/77R@HHrR  4>> 1 KK ! !&E&W ! X""?3 KK ! !&E&W ! Xr.ct|j|\}}|ddk7r%|jjd|d|dt|j S)zDownloads a key from urlstatuszfailed to fetch key at z , error was r:r9)rrr?rread)r)rresponseinfos r,r&zPacmanKey.fetch_keysU"4;;4$ >S KK ! !SVX\]bXc&d ! e))r.c|jd|d|d|g}|jj|d|j||y)zReceives key via keyserver--gpgdirz --keyserverz --recv-keysTcheck_rcN)rr run_command lsign_key)r)rr*rcmds r,r'zPacmanKey.recv_keys@ G]I}^cd d3 w&r.cf|jd|g}|jj|d|gzdy)zLocally sign keyrHz --lsign-keyTrINrrrKr)rr*rMs r,rLzPacmanKey.lsign_keys3 G4 }e&< ST  !BUVF fr.__main__) __future__rrrrw __metaclass__ DOCUMENTATIONEXAMPLESRETURNos.pathrVrSansible.module_utils.basicransible.module_utils.urlsr+ansible.module_utils.common.text.convertersrobjectr rrqrtr.r,rsbCB J X" H 4/AffR( zFr.