On 3/31/19 10:37 AM, Martin Alfke wrote:>> On 29. Mar 2019, at 19:42, Douglas Rand <[email protected]> wrote: >> I have a provider that hosts their APT repository behind a basic auth >> protected website, and I cannot work out how to get apt::key to add their >> key.
> Have you tried using apt_auth.conf file? > https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html No, I hadn't. And thanks for that, it solved another problem I was having. Thanks Martin! But not the problem with apt::key. I rand it down to the source_to_file method in the apt_key.rb provider from Puppet's APT library. The source_to_file method fetches the remote key and drops it in a temporary file and then uses apt-key to install the key. So the fetching of the key bypasses all of the nice apt features with apt/auth.conf. So no joy there. But I did find a fix. The problem is that the username I need to provide in basic auth is my email address, and includes an '@' sign. And since the '@' sign is already part of the url coding for usernames, you can't have it in the username. I had been using '%40' to replace the '@' sign in my username, but the Ruby provider doesn't know that the usernames might be URI encoded. This simple patch adds that: --- /local-project/tmp/r10k/production/modules/apt/lib/puppet/provider/apt_key/apt_key.rb 2017-10-24 08:45:17.316572536 -0500 +++ modules/apt/lib/puppet/provider/apt_key/apt_key.rb 2019-04-01 13:38:02.026555102 -0500 @@ -129,6 +129,10 @@ begin user_pass = parsedValue.userinfo.nil? ? nil : parsedValue.userinfo.split(':') parsedValue.userinfo = '' + unless user_pass.nil? + user_pass[0] = URI.unescape(user_pass[0]) + user_pass[1] = URI.unescape(user_pass[1]) + end key = open(parsedValue, :http_basic_authentication => user_pass).read rescue OpenURI::HTTPError, Net::FTPPermError => e fail("#{e.message} for #{resource[:source]}") Does anybody have any idea how to get this directed toward the right people? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3446ba74-f3f5-a512-f36c-e9f789b82d7a%40iteris.com. For more options, visit https://groups.google.com/d/optout.
