apt::source save some asc keys as charset=binary instead of charset=us-ascii
0xbilko opened this issue · comments
Describe the Bug
apt::source save some asc keys as charset=binary instead of charset=us-ascii.
This breaks normal interaction with the repository
Expected Behavior
correct charset
Steps to Reproduce
Steps to reproduce the behavior:
- Check timescaledb key manual:
# wget -q https://packagecloud.io/timescale/timescaledb/gpgkey
# file -bi gpgkey
gpgkey: application/pgp-keys; charset=us-ascii
# cat gpgkey
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
mQINBFvJLPUBEADRmOvZZY3ssucB5y3oeD5Kg6IdgXxKVGuPXtUAUAG54zS76R3B
qX6X+/Xyfb+czaInO5eo64gxk+02QL8Kscmzn3wgGUrXdrAQSECfBmT9gCpawi8c
U9Frp8UufJetLZoiklEwl4HIM5tewwcWye5Y6yNZQPFRReClbkh0AsBQxpPHZkfM
CpzAro4STmNNzXvYEIdJod1XuJ/gs9LwL6sDtD5SDiHWZOxk2C1tTg1w4lVsdGnm
BH4Pf3Op/Or98SLJe8RQ2PfqR/d69SyG277Pl8Gw61jVvwa0PoYLdHzAyf3XPgYp
nKaG6UbWmF5/bCJznMczz6f12EO+gDUkxNlw9t7fl0pkYduwOf2vdVCHQuMJ9dq4
2CufDcr/fMYsKDI33pSDrGbwT0pTCe4ivgvbfHxAWcXBKR9laPRxfvgumNS5kpuX
MDEDaJD0yxS9RL76PSh9+EEwk9cNkLZ721kZHH2h10h1b158njPcYCpGcDVHDFU2
1sSdHART/vV7BB4aK2u6XK/+1vM2OezRAZ7a4C6lVqmBonLC5/AhmQYCNACWC0qR
b900Ru3MJllvUmuN2iqcUcdr7T9MSUriaNSgC3uOeEOQ9qiNdao8+ShzCTH7hqnC
LTaNWnbCbbli4ag1J6zMdrU64p/A3rfh33IGMHtm3AXZdu12HInEjYb9gQARAQAB
tHJodHRwczovL3BhY2thZ2VjbG91ZC5pby90aW1lc2NhbGUvdGltZXNjYWxlZGIg
KGh0dHBzOi8vcGFja2FnZWNsb3VkLmlvL2RvY3MjZ3BnX3NpZ25pbmcpIDxzdXBw
b3J0QHBhY2thZ2VjbG91ZC5pbz6JAjgEEwECACIFAlvJLPUCGy8GCwkIBwMCBhUI
AgkKCwQWAgMBAh4BAheAAAoJEFnxjt9H8kQXKgQP/1d7MOFCy7FpB0QYSPE6fN/z
XQg9IX4XVw3iZxiKfXySdMyq9tkypVlw6VmhfsWMjmckmEbuQzVlmAiW+BkMcvRp
dDS/XLUyGTfi/mwUl/YdJ1A/HP6DcEuVgm22U8BwJhdMTmnvl7ISdO59UQd827yk
LC27xD3Y8qgJ2mtF0IYNoPiX5uwYI/HgFq9SfOIwdb74JmE+gUrzDJtEyTQ+3uV1
rgJkx2e1UCLWcrbggviRxCSHPSslGRCM9216ngZtqozTcdmmalsd9FP8GU3sQloL
c5XbjWoguFqx3hCVcjucf43Aiu43EUNHIRmpSkTdjwdrD+W8TQEMTqP2yIvVoDr8
MJQpID4B8c4qOwX+rLeDMB4PjnzFTA3VUIxvHYzD6ikPdXOB65auxaDsga1zlNa/
0u3WnH9rD0emcJUMTvo0CG8PtzzhFRO2NWy/buGFfcSZOMpEDs65E1u1x6hw1ija
vGWP/pF0PA7RQJnPJy95HtdlZD+VnK2x33CBaT1Q55QhyDicoUCzoPzxO/j91cSs
nXaYsQe3GsqlRY4pv9kjGANxP3YtrgZbuKfz1W5MhiuVaERvJfCgadGK5zqtXsHp
jSPCTlJl6Q0GMmQPv8vV12JUsaXKymboqGQwVCX/30D8QHws9GT31j8IogPax3JP
CWxM1fPFakGGynUXPzsouQINBFvJLPUBEADeVNpr5uBMF2PpWvIOHyhNJMcRrNP1
S2t4ZBVFQJJ+ur9PYxnOMY1XFL3RSqHMxWvAMGL5z1+EAIvIG9Pcr/q8VbBmZFUa
2rj+vnNXaNfSftSINTe3S6o34DjgRzzMfp6d21WCNYWKPd5lpRcYvh0cIXlSAA8c
LGvugMzd/aT729K3SNXZIX6eTN1aC1crcI1po9MxDf7zy7oB/0plvc/dyP63wJfS
21hz1z+QHiC/6fuxxuCC0YunS4fc45tVdmVBDCMqsGQtvghH4tkj6zDHOWteAuCi
scEBrr49rdejifscTn7iuyq1KAFsVH9+gmsXfmk5wUF4n2/PJCOGz/ZJuI4LaJwf
+kv6057JB1NY2SWdoZG/NL5dslgytZph++XhqZbdE8rlBtUhqgs2Gq9SDYYhQuTr
sGDtCYze3RUa4bW39SwAOS2wBNjA6X+tUG8QaDrEvk/33d+75/FRO1YSo+9Fkd3d
ik1onUbNq23/vPgeajrIWDE0V7mfU1+ef/fpHUdUXgynuTdqO/acqtDMpNjeLaCf
Z4nOVIGFA9u5PePvvZXfexC0rap7g3Z3Hx4g9dIqV6bJpwgSqKtkSyHZASlcT2ou
4jNmCGRpRACsU1FYwbJNtzY7+a3GVKxnzVtIYb17ues9tG0XRQlgo/tSwTGabSLB
/QEhpgTCTej58wARAQABiQQ+BBgBAgAJBQJbySz1AhsuAikJEFnxjt9H8kQXwV0g
BBkBAgAGBQJbySz1AAoJEOc5HJQIBCn/3D0QAM7anXRX/IZ8BWrSJatVsRoi7k4U
OzsFKkx4z0lZHuyXmIhl9/8C7eOhjefeVhM+wy/1Fp7Cqn1FyUNDPLJ1wY3HWneE
3sAoca8A8+Pi1rneifFMfZ+pfR/Jrqo4Tww1ytM1ZFdpIHG83IXUCWnFLS0tpbIe
LOt+jCDNHZMw16iWDEVhfMP5XXKBUSsZQAAhPrr+eiQnf39jPAYRMLzoOZ+p5wCV
W+u6xKfTeQ32n/bp6+xWtcppnCGjHy/TXVb8ZWAvDgDDaflpLQUlMFbw2OWtb5gk
wivtLY4npY2R5faK+uIUW7lrVFyW4VxhqtMj5DBn7h+CCg5sCnSe/eS2/uBCYv5a
mzRDGDuPbC9pUOp/q1CqR0pF3VwDtmluywuvE1OPdttuBgVtEKUJlgM5GXkB4AJ7
myU9buQs2oQd2LIH7x06q+PYCtUd3vBQNJ5vvRYoEbJ0p+MKhz5SAnzeXRTMAhat
L+uV2CIyMtxhedv89xDq4bHB+yZVH6p6nmvfIcFv6iSyLz5IWF1FcOXu42/RU2zc
X+SY/Qc+XW12VqzNgqHJ/ldFoeyXcizlJoFXnfculy3c4+nrHvFnYbux+OpiiZ54
y98P8QB89IU6gi34RINcf997kOvxByt3Rxa5ErboCy5Wb9NwK5aKrUzvvASYPck/
iagKbXUUdshP9T8mQRoQAIfcHfhrAEJ6vED+fg0opUTS1DMW8waaUI7Q3X+JX3hX
mhIJKNNQ6zFgoYHeqo72m6QvGDcAPPNuwaw+iccioZFZ6W7EftXA0XxqETQ6ha94
HWpRbz/fubQB3LnhbBxI0WYHly4MnjAtf/sLgbrKa1XgGygWXvcz2Ho9TSAzcgdA
vRZCNI1nahQtGmmGnrer6UR8lSN7ko1U7BJk3HU3BKGeIUdrXbt056HNEN+RsnaB
g5hAeKtrH+0HV4VEKpWFzBbU/pxue1B0DYw/EiwgR/qbMD5p6uZSzTJPQLDLIAHj
Cke2CPugug//Iek6gcKDos6MN/sLMThwp2jvfYYhP9CEN1QGTqBFLhCRPRPRc5bN
nv3z8jFBLzgn+4xt6yUwbI+/+OSQIA4QzhWwb7HpncSS9uHeUWrPn3Ji1lvqitZ4
FD9nQg8y+sDPGeaufjNSmjrkMAaG+zVUXlrNHmasxqoed1sD/+cy5jRAq3KinsNn
CElDwLxTzOqyNBGlm9DvbxkQzgxzEwhNZu4NEZrfWa1d5fJgeJvguNg0YiV+KNsL
b7IwsaWl08ddUWcq5OO2oi9R2re+KRc51v2L1KAkZdkliWuDTTnQulDtXc9DNA24
u1Ra8tSRkF7oOuVju59ItChbqEmwBRYLHWz3HjHa+kGaNwTtNk17AFneWzAjlKvy
=8+gQ
-----END PGP PUBLIC KEY BLOCK-----
- Use key with
apt::source
apt::source { 'timescaledb':
ensure => 'presen',
location => 'https://packagecloud.io/timescale/timescaledb/debian/',
release => "${facts['os']['distro']['codename']}",
repos => 'main',
pin => '1001',
key => {
name => 'timescaledb.asc',
source => 'https://packagecloud.io/timescale/timescaledb/gpgkey',
},
notify => Class['apt::update']
}
}
- Check puppet managed key
# file -bi /etc/apt/keyrings/timescaledb.asc
application/gzip; charset=binary
# cat /etc/apt/keyrings/timescaledb.asc
�)�9�`���?�!�5�~�'��b���j������]�=c�xb��D��X�� )�S2���)ܟ��a���{�/�/�����#
��W�����
7��▒ ��$l��A(��̞D>x1Xu��
�4��f�3�g%yK�/�\��.]qSr6Tx��L���j�i�ش�pv����V�g��[�h�ץm�bVֺ&S��R��a�s��0���%W�w�VZ;5b�7w�F���"��|b��������%����BS���m!f9�PN��-!$iv�t��?��e����s�hhV�
�D"�4�EJ9���y�F�X�^{�Iodٽ�6���S"G�s���*��▒�p{�g
���#�ⱙ�L0����g�A�p��{+� T�����~���}M.W`�Qi)_L���ۦ�Ĵ�����p�v�C@�>Q��}9������4gKgF��$��,#5���Ʃ�kf7I�˼�!�:���.t�$�b��
�
��l)�z�;��]wx�n ͜yY��.�;��$�Sq��)��Eύ�'#:�ù2Y�hnbCʥi�`I�ģ��G`ĠKY��"��֣L▒�;��� |���,�f,�6��l��3▒����1�S��c�қ~%�e�Q��w�R�š�%��R��e��4ԑI�7A�!�5E�V��CC�#B�o��C�▒S����٤�ד�� ��������C�̷��!p
��L���㤛���U�S���S�j��iL��L��V�0̨
�p}7Z�Z+|W� �9�D�&ʼn}Y�c
Di@Z��X��h_ͻ
o'�����{������\��gm/����]�4ȶzv���j�-�e���AQ��
$�� �_�Q��ֹ���ё��pڳr
!��8��x4��JE�M|)�1�M��g�@r%δS~�3OIL�����W7�v-�}▒X*����8-Ȗ���ƾ8G6���lN��▒�x������O�5�E��<t��Q2<L��X��|�5�g�=+1�iv
<CV�~rZ7����Z���&r+�?�
����c�
�?.Z��,f~�Gt���됣�'����K��~%�Z%�� �v4▒dz�_E����㋓(s{�Z�?��P�Kb�9�G�~%p�የO��&�!&4�/�!mKL��qy˻����\(ʱ�
[8n�7�d��=��\�KÙ�C�D�U��:wv�M�~%ƸL4ږ*N�w������'�}�%W%��Ɵy
Wy��ɹ���K�{�<�Ç�[��}��8K��s!��xʒϕ�\�R�X�Ʌ�&�������t^h>������1-���"bN��|��6T=�Äٰ��EKU�}���▒>z�����,�Wp0���
�~];ǽ�}p�2����{��9}^%k;�Zƶ�K<��▒��ٹX3�]�^��۔k�d��3�f�i��װ�[��Dl@ S�>����`Z��%���I��q�|�%���|��{��▒�z��\���ݼz�VD�u(E���
�J��EO��^��J;'�q��5��O�7O���_���P4I�=p8rF��́����K�A�ì���(/�|�/=▒,J��d/���v7�?P��OƷ��bl���$2yqX�Z����▒�/��se��T��ʙ�[��r�8]�"�`_��${�n�`1:S�؞�T�������0�+�I�ж�j�6�t�$u4�,��*�s�/N���6�e�,[�LŨ������L��L����X��;P����)����j),7@(��▒�L��!%��`q�d�W{l���ϳ���W���J��őŧ�e��:x�,N$7�x{oj*|F�
��+3f �P����P4���18�6�.���� ߛ�b>)�D�J�q� j�k�R���~9ސc���懠_��������5�▒�6�,▒k(Q�k2��k����O�p'�w��
�����+�O�n�,����D~͐�U P:�l�4
�ͱi6Lb�e�w�
N�,x���K�n�=y��� �n��;����7����@� �U��
s���D�?�����������l�o��S�Jǥ�e1F%�����d��h刦���"fЌ���у�
?;▒�T}M����a�mWg�d4p�N�������苟�Tf�;�eb"��(�L<�ƹ�W�O�d{ȓ!�D���a#��▒�,�P��cq�Y�t�(�C��ݍf▒8,�!Q�_�gj�▒ǀ��L�b)Z���A1[1�����s\콡����܍)m�o<y/�s��Y
MR������6i��-{�▒����^▒A%���5N����Pg�x
i�!��h}��oð�G��H.��Dz�:$>cL�����,k�X����-d^�5
�E� �r0���{j��6�){)� ��/��ЪU��Nఒ���A��v�ɪ�;�
��ڤ����Ϧ:� ��HVmQ�CٷT(^����� �
vm�흩B�DZ��:8SR���q�].�`1Tm�-�����np�M�H��k8�wiu&�����n1�>Y�y,rx�!0�������Vc8��O�r��|��4�Wk=�gm�;�R ���Z�Ϯ▒�+j|�m�▒��ʹ&A���� �^��*�f�����K�1_xO����M�^�싏NHh�ʆ�T����c�qU��xMa�/��{�W�-Qeo~\ ��]w�sB�G�c`���$wfE��l�73<5��@�+��S
�7V�/�,▒�����V6���>�4m
Environment
- puppet version - v8.5.1
- module version - v9.4.0
- Platform - Debian 11 (bullseye)
This is not an apt-module issue, the key is just a wrapper around a file resource. I can reproduce the problem with Puppet 8.5.1:
file { '/tmp/timescaledb.asc':
source => 'https://packagecloud.io/timescale/timescaledb/gpgkey',
}After running this, /tmp/timescaledb.asc is the gzip compressed response from the server that Puppet should have decompressed. gunziping it result in the expected ASCII key.
What version of Puppet are you using (9.4.0 in your report does not exist)?
Thanks, good job. Puppet version - 8.5.1.
@beliys thanks! This is a puppet bug, so I opened puppetlabs/puppet#9309 to track it at the source. I think we can close this issue as there is nothing more we can do at this level.
Thanks!