Reformat everything.

2026-04-23 12:19:15 +00:00 · 2025-11-01 12:08:41 +01:00 · 2025-11-01 12:08:41 +01:00 · 340ff8586d
commit 340ff8586d
parent 3f2213791a
1008 changed files with 61301 additions and 58309 deletions
--- a/plugins/modules/pacman_key.py
+++ b/plugins/modules/pacman_key.py
@ -137,7 +137,7 @@ class GpgListResult:
    """Wraps gpg --list-* output."""

    def __init__(self, line):
-        self._parts = line.split(':')
+        self._parts = line.split(":")

    @property
    def kind(self):
@ -149,7 +149,7 @@ class GpgListResult:

    @property
    def is_fully_valid(self):
-        return self.valid == 'f'
+        return self.valid == "f"

    @property
    def key(self):
@ -180,20 +180,20 @@ class PacmanKey:
    def __init__(self, module):
        self.module = module
        # obtain binary paths for gpg & pacman-key
-        self.gpg_binary = module.get_bin_path('gpg', required=True)
-        self.pacman_key_binary = module.get_bin_path('pacman-key', required=True)
+        self.gpg_binary = module.get_bin_path("gpg", required=True)
+        self.pacman_key_binary = module.get_bin_path("pacman-key", required=True)

        # obtain module parameters
-        keyid = module.params['id']
-        url = module.params['url']
-        data = module.params['data']
-        file = module.params['file']
-        keyserver = module.params['keyserver']
-        verify = module.params['verify']
-        force_update = module.params['force_update']
-        keyring = module.params['keyring']
-        state = module.params['state']
-        ensure_trusted = module.params['ensure_trusted']
+        keyid = module.params["id"]
+        url = module.params["url"]
+        data = module.params["data"]
+        file = module.params["file"]
+        keyserver = module.params["keyserver"]
+        verify = module.params["verify"]
+        force_update = module.params["force_update"]
+        keyring = module.params["keyring"]
+        state = module.params["state"]
+        ensure_trusted = module.params["ensure_trusted"]
        self.keylength = 40

        # sanitise key ID & check if key exists in the keyring
@ -204,15 +204,15 @@ class PacmanKey:

        # check mode
        if module.check_mode:
-            if state == 'present':
+            if state == "present":
                changed = (key_present and force_update) or not key_present
                if not changed and ensure_trusted:
                    changed = not (key_valid and self.key_is_trusted(keyring, keyid))
                module.exit_json(changed=changed)
-            if state == 'absent':
+            if state == "absent":
                module.exit_json(changed=key_present)

-        if state == 'present':
+        if state == "present":
            trusted = key_valid and self.key_is_trusted(keyring, keyid)
            if not force_update and key_present and (not ensure_trusted or trusted):
                module.exit_json(changed=False)
@ -236,7 +236,7 @@ class PacmanKey:
                self.lsign_key(keyring=keyring, keyid=keyid)
                changed = True
            module.exit_json(changed=changed)
-        elif state == 'absent':
+        elif state == "absent":
            if key_present:
                self.remove_key(keyring, keyid)
                module.exit_json(changed=True)
@ -245,18 +245,16 @@ class PacmanKey:
    def gpg(self, args, keyring=None, **kwargs):
        cmd = [self.gpg_binary]
        if keyring:
-            cmd.append(f'--homedir={keyring}')
-        cmd.extend(['--no-permission-warning', '--with-colons', '--quiet', '--batch', '--no-tty'])
+            cmd.append(f"--homedir={keyring}")
+        cmd.extend(["--no-permission-warning", "--with-colons", "--quiet", "--batch", "--no-tty"])
        return self.module.run_command(cmd + args, **kwargs)

    def pacman_key(self, args, keyring, **kwargs):
-        return self.module.run_command(
-            [self.pacman_key_binary, '--gpgdir', keyring] + args,
-            **kwargs)
+        return self.module.run_command([self.pacman_key_binary, "--gpgdir", keyring] + args, **kwargs)

    def pacman_machine_key(self, keyring):
-        unused_rc, stdout, unused_stderr = self.gpg(['--list-secret-key'], keyring=keyring)
-        return gpg_get_first_attr_of_kind(stdout.splitlines(), 'sec', 'key')
+        unused_rc, stdout, unused_stderr = self.gpg(["--list-secret-key"], keyring=keyring)
+        return gpg_get_first_attr_of_kind(stdout.splitlines(), "sec", "key")

    def is_hexadecimal(self, string):
        """Check if a given string is valid hexadecimal"""
@ -271,7 +269,7 @@ class PacmanKey:

        Strips whitespace, uppercases all characters, and strips leading `0X`.
        """
-        sanitised_keyid = keyid.strip().upper().replace(' ', '').replace('0X', '')
+        sanitised_keyid = keyid.strip().upper().replace(" ", "").replace("0X", "")
        if len(sanitised_keyid) != self.keylength:
            self.module.fail_json(msg=f"key ID is not full-length: {sanitised_keyid}")
        if not self.is_hexadecimal(sanitised_keyid):
@ -281,17 +279,17 @@ class PacmanKey:
    def fetch_key(self, url):
        """Downloads a key from url"""
        response, info = fetch_url(self.module, url)
-        if info['status'] != 200:
+        if info["status"] != 200:
            self.module.fail_json(msg=f"failed to fetch key at {url}, error was {info['msg']}")
        return to_native(response.read())

    def recv_key(self, keyring, keyid, keyserver):
        """Receives key via keyserver"""
-        self.pacman_key(['--keyserver', keyserver, '--recv-keys', keyid], keyring=keyring, check_rc=True)
+        self.pacman_key(["--keyserver", keyserver, "--recv-keys", keyid], keyring=keyring, check_rc=True)

    def lsign_key(self, keyring, keyid):
        """Locally sign key"""
-        self.pacman_key(['--lsign-key', keyid], keyring=keyring, check_rc=True)
+        self.pacman_key(["--lsign-key", keyid], keyring=keyring, check_rc=True)

    def save_key(self, data):
        "Saves key data to a temporary file"
@ -306,11 +304,11 @@ class PacmanKey:
        """Add key to pacman's keyring"""
        if verify:
            self.verify_keyfile(keyfile, keyid)
-        self.pacman_key(['--add', keyfile], keyring=keyring, check_rc=True)
+        self.pacman_key(["--add", keyfile], keyring=keyring, check_rc=True)

    def remove_key(self, keyring, keyid):
        """Remove key from pacman's keyring"""
-        self.pacman_key(['--delete', keyid], keyring=keyring, check_rc=True)
+        self.pacman_key(["--delete", keyid], keyring=keyring, check_rc=True)

    def verify_keyfile(self, keyfile, keyid):
        """Verify that keyfile matches the specified key ID"""
@ -320,50 +318,50 @@ class PacmanKey:
            self.module.fail_json(msg="expected a key ID, got none")

        rc, stdout, stderr = self.gpg(
-            ['--with-fingerprint', '--show-keys', keyfile],
+            ["--with-fingerprint", "--show-keys", keyfile],
            check_rc=True,
        )

-        extracted_keyid = gpg_get_first_attr_of_kind(stdout.splitlines(), 'fpr', 'user_id')
+        extracted_keyid = gpg_get_first_attr_of_kind(stdout.splitlines(), "fpr", "user_id")
        if extracted_keyid != keyid:
            self.module.fail_json(msg=f"key ID does not match. expected {keyid}, got {extracted_keyid}")

    def key_validity(self, keyring, keyid):
        "Check if the key ID is in pacman's keyring and not expired"
-        rc, stdout, stderr = self.gpg(['--no-default-keyring', '--list-keys', keyid], keyring=keyring, check_rc=False)
+        rc, stdout, stderr = self.gpg(["--no-default-keyring", "--list-keys", keyid], keyring=keyring, check_rc=False)
        if rc != 0:
            if stderr.find("No public key") >= 0:
                return []
            else:
                self.module.fail_json(msg=f"gpg returned an error: {stderr}")
-        return gpg_get_all_attrs_of_kind(stdout.splitlines(), 'uid', 'is_fully_valid')
+        return gpg_get_all_attrs_of_kind(stdout.splitlines(), "uid", "is_fully_valid")

    def key_is_trusted(self, keyring, keyid):
        """Check if key is signed and not expired."""
-        unused_rc, stdout, unused_stderr = self.gpg(['--check-signatures', keyid], keyring=keyring)
-        return self.pacman_machine_key(keyring) in gpg_get_all_attrs_of_kind(stdout.splitlines(), 'sig', 'key')
+        unused_rc, stdout, unused_stderr = self.gpg(["--check-signatures", keyid], keyring=keyring)
+        return self.pacman_machine_key(keyring) in gpg_get_all_attrs_of_kind(stdout.splitlines(), "sig", "key")


 def main():
    module = AnsibleModule(
        argument_spec=dict(
-            id=dict(type='str', required=True),
-            data=dict(type='str'),
-            file=dict(type='path'),
-            url=dict(type='str'),
-            keyserver=dict(type='str'),
-            verify=dict(type='bool', default=True),
-            force_update=dict(type='bool', default=False),
-            keyring=dict(type='path', default='/etc/pacman.d/gnupg'),
-            ensure_trusted=dict(type='bool', default=False),
-            state=dict(type='str', default='present', choices=['absent', 'present']),
+            id=dict(type="str", required=True),
+            data=dict(type="str"),
+            file=dict(type="path"),
+            url=dict(type="str"),
+            keyserver=dict(type="str"),
+            verify=dict(type="bool", default=True),
+            force_update=dict(type="bool", default=False),
+            keyring=dict(type="path", default="/etc/pacman.d/gnupg"),
+            ensure_trusted=dict(type="bool", default=False),
+            state=dict(type="str", default="present", choices=["absent", "present"]),
        ),
        supports_check_mode=True,
-        mutually_exclusive=(('data', 'file', 'url', 'keyserver'),),
-        required_if=[('state', 'present', ('data', 'file', 'url', 'keyserver'), True)],
+        mutually_exclusive=(("data", "file", "url", "keyserver"),),
+        required_if=[("state", "present", ("data", "file", "url", "keyserver"), True)],
    )
    PacmanKey(module)


-if __name__ == '__main__':
+if __name__ == "__main__":
    main()