PR 1/3: add GPG key management operations and facts
Add new gpg.key and gpg.dearmor operations to manage GPG keys and keyrings. These operations provide a modern alternative to apt-key for managing APT repository keys.
Features:
- Install keys from URLs, local files, or keyservers
- Remove keys by ID or entire keyring files
- Convert ASCII armored keys to binary format
- Manage keys in specific keyrings or across all APT keyrings
This is part 1/3 of modernizing APT key management.
- [x] Pull request is based on the default branch (3.x at this time)
- [x] Pull request includes tests for any new/updated operations/facts
- [ ] Pull request includes documentation for any new/updated operations/facts
- [x] Tests pass (see scripts/dev-test.sh)
- [x] Type checking & code style passes (see scripts/dev-lint.sh)
Hi @DonDebonair! Can you take a look at this, please? It seems to work, but I'm not sure I'm always using gpg correctly. Also, I'm always hesitant to use facts or shell commands within operations. Let me know what you think. Thanks!
Thanks for the PR @maisim. I would not be afraid to use facts inside operations. I actually consider it a best practice to use facts to check things in operations. So instead of doing checks inside the shell commands you yield, there are probably places where you can rely on facts instead. That makes the yielded commands simpler.
If you can change those already, I'll do a more full review this weekend.
Caveat btw: I'm by no means a GPG expert. A short while ago, I wanted to use pyinfra to install Docker on a Debian host. I just created the keyring directory and downloaded the key directly into that, never touching GPG 😅
Left some more comments @maisim incl. some ideas on how to leverage facts.
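For the "Convert ASCII armored keys to binary format" and "Install keys from URLs" items in the PR description, here is an added example (not code from this PR or from pyinfra) of what dearmoring involves and how it doubles as a check that a downloaded file really is an OpenPGP public key block before it lands in a keyring. The names `crc24`, `armor`, `dearmor` and `SAMPLE_PACKET` are hypothetical, and the sample payload is constructed filler, not a real key.

```python
import base64

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

# Constructed sample payload (not a real key): an old-format public-key packet
# header byte (0x99), a two-byte length of 4, then four filler bytes.
SAMPLE_PACKET = bytes([0x99, 0x00, 0x04]) + b"demo"


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(binary: bytes) -> str:
    """Build an armored block; used here only to construct sample input."""
    body = base64.b64encode(binary).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *lines, "=" + check, END, ""])


def dearmor(text: str) -> bytes:
    """Return the binary payload of an armored public key or raise ValueError."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a PGP public key block")
    body = lines[1:-1]
    if "" in body:  # armor headers such as "Version:" end at the blank line
        body = body[body.index("") + 1:]
    check = body.pop()[1:] if body and body[-1].startswith("=") else None
    # b64decode raises binascii.Error, a ValueError subclass, on bad input
    binary = base64.b64decode("".join(body), validate=True)
    if check is not None:
        if base64.b64decode(check, validate=True) != crc24(binary).to_bytes(3, "big"):
            raise ValueError("armor CRC-24 mismatch")
    if not binary or not binary[0] & 0x80:
        raise ValueError("payload does not start with an OpenPGP packet")
    return binary
```

This only validates the armor envelope and the first packet byte; it does not verify the key's fingerprint, which still has to be compared against a value obtained from a trusted source.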