Debian Question posted in
The oficial documentation can be found here.

Debian – How do I import a gnupg public key using only Ansible?

I am using Ansible role DebOps wpcli: https://docs.debops.org/en/stable-3.1/ansible/roles/wpcli/index.html

The error is:

TASK [debops.debops.wpcli : Verify and install wp-cli binary] ******************
fatal: [webserver]: FAILED! => changed=true 
  cmd: set -o nounset -o pipefail -o errexit && gpg --batch --decrypt --output /usr/local/src/wpcli/wp-cli-2.5.0.phar /usr/local/src/wpcli/wp-cli-2.5.0.phar.gpg && ( install --mode 755 --owner root --group root /usr/local/src/wpcli/wp-cli-2.5.0.phar /usr/local/bin/wp && install --mode 644 --owner root --group root /usr/local/src/wpcli/wp-cli-2.5.0.completion.bash /etc/bash_completion.d/wp-completion ) || ( rm -f /usr/local/src/wpcli/wp-cli-2.5.0.phar && exit 2 )
  delta: '0:00:00.092231'
  end: '2024-09-05 06:45:25.499750'
  msg: non-zero return code
  rc: 2
  start: '2024-09-05 06:45:25.407519'
  stderr: |-
    gpg: directory '/root/.gnupg' created
    gpg: keybox '/root/.gnupg/pubring.kbx' created
    gpg: Signature made Wed May 19 15:24:41 2021 UTC
    gpg:                using RSA key 63AF7AA15067C05616FDDD88A3A2E8F226F0BC06
    gpg:                issuer "[email protected]"
    gpg: Can't check signature: No public key
  stderr_lines: <omitted>
  stdout: ''
  stdout_lines: <omitted>

I already know how to fix this using plain Bash shell: Can't check signature: public key not found.
I don’t want to fix it with shell commands, but I need to achieve it using Ansible.

My question is: how do I fix this error using Ansible or even better with an existing DebOps role?

Edit based on first answer:
I should clarify that this is not in the context of apt-get, there is no APT keyring involved at all. The wpcli role is distribution neutral and works on Debian, Redhat, Suse, Arch, and any other distro that supports Ansible.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    By using debops.keyring role.

    Have this in meta/main.yml:

    ---
dependencies:
  - role: debops.debops.keyring
    keyring__dependent_gpg_keys:
      - id: 63AF7AA15067C05616FDDD88A3A2E8F226F0BC06
  - role: debops.debops.wpcli

    The keyring role will first install the key 63AF7AA15067C05616FDDD88A3A2E8F226F0BC06 into root's gnupg keyring, and then the wpcli role will find the key there.


  2. 0

    By using apt_key module.

    - name: Add an apt key by id from a keyserver
  ansible.builtin.apt_key:
    keyserver: keyserver.ubuntu.com
    id: 63AF7AA15067C05616FDDD88A3A2E8F226F0BC06

    or you can download it and then use it in you apt:

    - name: apt key
  ansible.builtin.get_url:
    url: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x63af7aa15067c05616fddd88a3a2e8f226f0bc06
    dest: /etc/apt/keyrings/myrepo.asc

- name: somerepo | apt source
  ansible.builtin.apt_repository:
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/myrepo.asc] https://someexample.com/linux/ubuntu {{ ansible_distribution_release }} stable"
    state: present
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search