adding proxy support for apt_repository (ansible#42534)

Similar reason behind ansible#42443 apt_repository module calls apt-key to add new repo source on ubuntu. apt-key does not respect Acquire::http::Proxy specified in apt conf files, nor http_proxy environment variable. More discussion about these behaviours can be found here: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1433761 keyserver-options are used to pass in proxy settings for apt-key, example: sudo apt-key adv --keyserver-options http-proxy=http://username:password@proxy.example.com:8080 --keyserver keyserver.ubuntu.com --recv-keys GPG_KEY This fix parse http_proxy and no_proxy environment variables and pass on proxy to apt-key using --keyserver-options if ubuntu key server is not in no_proxy list.
hangsu-ma · May 20, 2020 · 37635cf · 37635cf
1 parent bd10829
commit 37635cf
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/lib/ansible/modules/apt_repository.py b/lib/ansible/modules/apt_repository.py
@@ -112,6 +112,14 @@
 - apt_repository:
     repo: 'ppa:nginx/stable'
     codename: trusty
+
+# Working behind a proxy
+- apt_repository:
+    repo: 'ppa:nginx/stable'
+    codename: trusty
+  environment:
+    http_proxy: http://proxy.example.com:8080
+    https_proxy: http://proxy.example.com:8080
 '''
 
 import glob
@@ -137,6 +145,7 @@
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_native
 from ansible.module_utils.urls import fetch_url
+from ansible.module_utils.common.network import is_in_noproxy
 
 
 if sys.version_info[0] < 3:
@@ -403,6 +412,7 @@ def remove_source(self, line):
 class UbuntuSourcesList(SourcesList):
 
     LP_API = 'https://launchpad.net/api/1.0/~%s/+archive/%s'
+    KEY_SERVER = 'hkp://keyserver.ubuntu.com:80'
 
     def __init__(self, module, add_ppa_signing_keys_callback=None):
         self.module = module
@@ -445,7 +455,12 @@ def add_source(self, line, comment='', file=None):
             if self.add_ppa_signing_keys_callback is not None:
                 info = self._get_ppa_info(ppa_owner, ppa_name)
                 if not self._key_already_exists(info['signing_key_fingerprint']):
-                    command = ['apt-key', 'adv', '--recv-keys', '--no-tty', '--keyserver', 'hkp://keyserver.ubuntu.com:80', info['signing_key_fingerprint']]
+                    if os.environ.get('http_proxy') and not is_in_noproxy(self.KEY_SERVER, os.environ.get('no_proxy')):
+                        command = ['apt-key', 'adv', '--keyserver-options', 'http-proxy=%s' % os.environ.get('http_proxy'),
+                                   '--recv-keys', '--no-tty', '--keyserver', self.KEY_SERVER, info['signing_key_fingerprint']]
+                    else:
+                        command = ['apt-key', 'adv', '--recv-keys', '--no-tty', '--keyserver', self.KEY_SERVER,
+                                   info['signing_key_fingerprint']]
                     self.add_ppa_signing_keys_callback(command)
 
             file = file or self._suggest_filename('%s_%s' % (line, self.codename))