saltstack
[BUG] _decrypt_key overwrites the supplied key with an empty file.
Description In aptpkg.py the _decrypt_key function only alters the decrypted file name if the supplied file has no suffix. Because of this, the gpg call has the outgoing file set to the same name as the input file and the file gets zeroed. This is on line 2293 of the aptpkg.py file in the master branch.
Steps to Reproduce the behavior Running the zabbix-repo state with the key_url added will end up with /etc/apt/keyrings/zabbix.gpg being empty key existing.
pkgrepo.managed:
- name: deb [arch=amd64 signed-by=/etc/apt/keyrings/zabbix.gpg] https://repo.zabbix.com/zabbix/{{ zabbix.version_repo }}/{{ salt['grains.get']('os')|lower }} {{ salt['grains.get']('oscodename') }} main
- file: /etc/apt/sources.list.d/zabbix.list
- key_url: https://repo.zabbix.com/zabbix-official-repo.key
- clean_file: True
- aptkey: False
Expected behavior /etc/apt/keyrings/zabbix.gpg should end up with the unarmoured key. Instead it is empty and the repo fails.
Versions Report
salt --versions-report
``` Salt Version: Salt: 3005Dependency Versions: cffi: 1.14.6 cherrypy: 18.6.1 dateutil: 2.8.1 docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed Jinja2: 3.1.0 libgit2: Not Installed M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.2 msgpack-pure: Not Installed mysql-python: Not Installed pycparser: 2.21 pycrypto: Not Installed pycryptodome: 3.9.8 pygit2: Not Installed Python: 3.9.13 (main, Aug 23 2022, 18:31:15) python-gnupg: 0.4.8 PyYAML: 5.4.1 PyZMQ: 23.2.0 smmap: Not Installed timelib: 0.2.4 Tornado: 4.5.3 ZMQ: 4.3.4
System Versions: dist: ubuntu 22.04 jammy locale: utf-8 machine: x86_64 release: 5.4.0-99-generic system: Linux version: Ubuntu 22.04 jammy
