On 3/31/19 10:37 AM, Martin Alfke wrote:>> On 29. Mar 2019, at 19:42, Douglas Rand <r...@iteris.com> wrote: >> I have a provider that hosts their APT repository behind a basic auth >> protected website, and I cannot work out how to get apt::key to add their >> key.
> Have you tried using apt_auth.conf file? > https://manpages.debian.org/testing/apt/apt_auth.conf.5.en.html No, I hadn't. And thanks for that, it solved another problem I was having. Thanks Martin! But not the problem with apt::key. I rand it down to the source_to_file method in the apt_key.rb provider from Puppet's APT library. The source_to_file method fetches the remote key and drops it in a temporary file and then uses apt-key to install the key. So the fetching of the key bypasses all of the nice apt features with apt/auth.conf. So no joy there. But I did find a fix. The problem is that the username I need to provide in basic auth is my email address, and includes an '@' sign. And since the '@' sign is already part of the url coding for usernames, you can't have it in the username. I had been using '%40' to replace the '@' sign in my username, but the Ruby provider doesn't know that the usernames might be URI encoded. This simple patch adds that: --- /local-project/tmp/r10k/production/modules/apt/lib/puppet/provider/apt_key/apt_key.rb 2017-10-24 08:45:17.316572536 -0500 +++ modules/apt/lib/puppet/provider/apt_key/apt_key.rb 2019-04-01 13:38:02.026555102 -0500 @@ -129,6 +129,10 @@ begin user_pass = parsedValue.userinfo.nil? ? nil : parsedValue.userinfo.split(':') parsedValue.userinfo = '' + unless user_pass.nil? + user_pass[0] = URI.unescape(user_pass[0]) + user_pass[1] = URI.unescape(user_pass[1]) + end key = open(parsedValue, :http_basic_authentication => user_pass).read rescue OpenURI::HTTPError, Net::FTPPermError => e fail("#{e.message} for #{resource[:source]}") Does anybody have any idea how to get this directed toward the right people? -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/3446ba74-f3f5-a512-f36c-e9f789b82d7a%40iteris.com. For more options, visit https://groups.google.com/d/optout.
