
Ansible: Importing GPG-keys from RPM Fusion not working


I'm trying to create a task to download and import the GPG-keys from the official RPM Fusion site but it fails.

- hosts: localhost
  connection: local
  name: DOWNLOADING AND IMPORTING SECURITY KEYS
  tasks:
    - name: Downloading the security key for RPM Fusion (free) repo
      get_url:
        url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
        dest: ~/Downloads/free_keys.txt

    - name: Importing (free) key
      ansible.builtin.rpm_key:
        state: present
        key: ~/Downloads/free_keys.txt

    - name: Deleting security key file (free)
      ansible.builtin.file:
        path: ~/Downloads/free_keys.txt
        state: absent

    - name: Downloading the security key for RPM Fusion (non-free) repo
      get_url:
        url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
        dest: ~/Downloads/nonfree_keys.txt

    - name: Importing (non-free) key
      ansible.builtin.rpm_key:
        state: present
        key: ~/Downloads/nonfree_keys.txt

    - name: Deleting security key file (non-free)
      ansible.builtin.file:
        path: ~/Downloads/nonfree_keys.txt
        state: absent

This is the output:

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [Downloading the security key for RPM Fusion (free) repo] *****************
changed: [localhost] => {"changed": true, "checksum_dest": null, "checksum_src": "554f50b16f9cf421f7caf02ce83c9069fd399b0e", "dest": "/home/[REDACTED]/Downloads/free_keys.txt", "elapsed": 0, "gid": 1000, "group": "[REDACTED]", "md5sum": "7206830528e4e9fb61d52dafc4e32ed1", "mode": "0664", "msg": "OK (1704 bytes)", "owner": "[REDACTED]", "secontext": "unconfined_u:object_r:user_home_t:s0", "size": 1704, "src": "/home/[REDACTED]/.ansible/tmp/ansible-tmp-1623521488.9204922-9892-237385967611488/tmp38djamsm", "state": "file", "status_code": 200, "uid": 1000, "url": "https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020"}

TASK [Importing (free) key] ****************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Not a valid key ~/Downloads/free_keys.txt"}

PLAY RECAP *********************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

So far I've tried to download the keys to .txt and .gpg format but none of these methods work. Any suggestion is greatly appreciated.

EDIT: To answer your questions:

1.

TASK [Importing (free) key] ****************************************************
task path: /home/[REDACTED]/Documents/ansible-playbooks/for_laptops/dell_e7270/import_keys.yml:11
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: [REDACTED]
<127.0.0.1> EXEC /bin/sh -c 'echo ~[REDACTED] && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/[REDACTED]/.ansible/tmp `"&& mkdir "` echo /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038 `" && echo ansible-tmp-1623533463.7691412-3758-92960382692038="` echo /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038 `" ) && sleep 0'
Using module file /usr/lib/python3.9/site-packages/ansible/modules/packaging/os/rpm_key.py
<127.0.0.1> PUT /home/[REDACTED]/.ansible/tmp/ansible-local-3682vs8hkmey/tmpjamn9upp TO /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py
<127.0.0.1> EXEC /bin/sh -c 'chmod u+x /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/ /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c '/usr/bin/python3 /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/AnsiballZ_rpm_key.py && sleep 0'
<127.0.0.1> EXEC /bin/sh -c 'rm -f -r /home/[REDACTED]/.ansible/tmp/ansible-tmp-1623533463.7691412-3758-92960382692038/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "fingerprint": null,
            "key": "~/Downloads/free_keys",
            "state": "present",
            "validate_certs": true
        }
    },
    "msg": "Not a valid key ~/Downloads/free_keys"
}
  1. The keys are the ones under 'Fedora 34' in this link.
  2. Yes, the keys downloaded look like that.
  3. Unfortunately, changing the permissions did not work.

Looks like a solution could be to download the distribution-gpg-keys from the official repos before installing RPM Fusion.


Solution

  • After some digging I found the solution and it's simpler than I thought:

    ---
    - hosts: localhost
      connection: local
      name: IMPORTING SECURITY KEYS
      tasks:
        - name: Importing (free) key
          ansible.builtin.rpm_key:
            state: present
            key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
    
        - name: Importing (non-free) key
          ansible.builtin.rpm_key:
            state: present
            key: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
    

    Following the official documentation, I thought you had to download the keys to your PC and then install them. Instead, you can directly enter the URL into the key section.
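
Added example (not part of the original post): a variant that pins each key to a fingerprint through the `fingerprint` parameter visible in the module arguments above, so the key is checked before it is trusted instead of relying on the download URL alone. It also shows the download-then-import flow with an absolute path, on the assumption that the original failure came from `~` not being expanded in `key` (the error message echoes the path unexpanded). The variable name `rpmfusion_keys` and the fingerprint values are placeholders.

```yaml
---
- hosts: localhost
  connection: local
  name: IMPORTING RPM FUSION KEYS WITH PINNED FINGERPRINTS
  vars:
    # Placeholders, not real values: fill in fingerprints obtained from a
    # source you trust independently of the download URL.
    rpmfusion_keys:
      - name: free
        url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-free-fedora-2020
        fingerprint: "<FREE-KEY-FINGERPRINT-PLACEHOLDER>"
      - name: nonfree
        url: https://rpmfusion.org/keys?action=AttachFile&do=get&target=RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
        fingerprint: "<NONFREE-KEY-FINGERPRINT-PLACEHOLDER>"
  tasks:
    - name: Creating a private temporary directory (absolute path, no "~")
      ansible.builtin.tempfile:
        state: directory
        suffix: .rpmkeys
      register: key_dir

    - name: Downloading, verifying and importing the keys
      block:
        - name: Downloading the keys
          ansible.builtin.get_url:
            url: "{{ item.url }}"
            dest: "{{ key_dir.path }}/{{ item.name }}.gpg"
            mode: "0600"
          loop: "{{ rpmfusion_keys }}"
          loop_control:
            label: "{{ item.name }}"

        - name: Importing each key only if its fingerprint matches the pin
          ansible.builtin.rpm_key:
            state: present
            key: "{{ key_dir.path }}/{{ item.name }}.gpg"
            fingerprint: "{{ item.fingerprint }}"
          loop: "{{ rpmfusion_keys }}"
          loop_control:
            label: "{{ item.name }}"
      always:
        - name: Deleting the temporary directory, even when the import fails
          ansible.builtin.file:
            path: "{{ key_dir.path }}"
            state: absent
```

A fingerprint mismatch makes the import task fail instead of adding the key to the RPM database.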