diff --git a/changelog/62895.changed b/changelog/62895.changed new file mode 100644 index 00000000000..d5bff3866b9 --- /dev/null +++ b/changelog/62895.changed @@ -0,0 +1 @@ +Removed GPG_1_3_1 check diff --git a/salt/modules/gpg.py b/salt/modules/gpg.py index f5fbfd01651..0e922d1f01b 100644 --- a/salt/modules/gpg.py +++ b/salt/modules/gpg.py @@ -21,7 +21,6 @@ import salt.utils.files import salt.utils.path import salt.utils.stringutils from salt.exceptions import SaltInvocationError -from salt.utils.versions import LooseVersion as _LooseVersion log = logging.getLogger(__name__) @@ -65,12 +64,9 @@ VERIFY_TRUST_LEVELS = { "4": "Ultimate", } -GPG_1_3_1 = False try: import gnupg - HAS_GPG_BINDINGS = True - GPG_1_3_1 = _LooseVersion(gnupg.__version__) >= _LooseVersion("1.3.1") except ImportError: HAS_GPG_BINDINGS = False @@ -183,10 +179,7 @@ def _create_gpg(user=None, gnupghome=None): if not gnupghome: gnupghome = _get_user_gnupghome(user) - if GPG_1_3_1: - gpg = gnupg.GPG(homedir=gnupghome) # pylint: disable=unexpected-keyword-arg - else: - gpg = gnupg.GPG(gnupghome=gnupghome) + gpg = gnupg.GPG(gnupghome=gnupghome) return gpg @@ -238,34 +231,29 @@ def search_keys(text, keyserver=None, user=None): salt '*' gpg.search_keys user@example.com keyserver=keyserver.ubuntu.com user=username """ - if GPG_1_3_1: - raise SaltInvocationError( - "The search_keys function is not support with this version of python-gnupg." - ) - else: - if not keyserver: - keyserver = "pgp.mit.edu" + if not keyserver: + keyserver = "pgp.mit.edu" - _keys = [] - for _key in _search_keys(text, keyserver, user): - tmp = {"keyid": _key["keyid"], "uids": _key["uids"]} + _keys = [] + for _key in _search_keys(text, keyserver, user): + tmp = {"keyid": _key["keyid"], "uids": _key["uids"]} - expires = _key.get("expires", None) - date = _key.get("date", None) - length = _key.get("length", None) + expires = _key.get("expires", None) + date = _key.get("date", None) + length = _key.get("length", None) - if expires: - tmp["expires"] = time.strftime( - "%Y-%m-%d", time.localtime(float(_key["expires"])) - ) - if date: - tmp["created"] = time.strftime( - "%Y-%m-%d", time.localtime(float(_key["date"])) - ) - if length: - tmp["keyLength"] = _key["length"] - _keys.append(tmp) - return _keys + if expires: + tmp["expires"] = time.strftime( + "%Y-%m-%d", time.localtime(float(_key["expires"])) + ) + if date: + tmp["created"] = time.strftime( + "%Y-%m-%d", time.localtime(float(_key["date"])) + ) + if length: + tmp["keyLength"] = _key["length"] + _keys.append(tmp) + return _keys def list_keys(user=None, gnupghome=None): @@ -778,29 +766,16 @@ def import_key(text=None, filename=None, user=None, gnupghome=None): imported_data = gpg.import_keys(text) - if GPG_1_3_1: - counts = imported_data.counts - if counts.get("imported") or counts.get("imported_rsa"): - ret["message"] = "Successfully imported key(s)." - elif counts.get("unchanged"): - ret["message"] = "Key(s) already exist in keychain." - elif counts.get("not_imported"): - ret["res"] = False - ret["message"] = "Unable to import key." - elif not counts.get("count"): - ret["res"] = False - ret["message"] = "Unable to import key." - else: - if imported_data.imported or imported_data.imported_rsa: - ret["message"] = "Successfully imported key(s)." - elif imported_data.unchanged: - ret["message"] = "Key(s) already exist in keychain." - elif imported_data.not_imported: - ret["res"] = False - ret["message"] = "Unable to import key." - elif not imported_data.count: - ret["res"] = False - ret["message"] = "Unable to import key." + if imported_data.imported or imported_data.imported_rsa: + ret["message"] = "Successfully imported key(s)." + elif imported_data.unchanged: + ret["message"] = "Key(s) already exist in keychain." + elif imported_data.not_imported: + ret["res"] = False + ret["message"] = "Unable to import key." + elif not imported_data.count: + ret["res"] = False + ret["message"] = "Unable to import key." return ret @@ -1069,22 +1044,11 @@ def sign( else: gpg_passphrase = None - # Check for at least one secret key to sign with - - gnupg_version = _LooseVersion(gnupg.__version__) if text: - if gnupg_version >= _LooseVersion("1.3.1"): - signed_data = gpg.sign(text, default_key=keyid, passphrase=gpg_passphrase) - else: - signed_data = gpg.sign(text, keyid=keyid, passphrase=gpg_passphrase) + signed_data = gpg.sign(text, keyid=keyid, passphrase=gpg_passphrase) elif filename: with salt.utils.files.flopen(filename, "rb") as _fp: - if gnupg_version >= _LooseVersion("1.3.1"): - signed_data = gpg.sign( - text, default_key=keyid, passphrase=gpg_passphrase - ) - else: - signed_data = gpg.sign_file(_fp, keyid=keyid, passphrase=gpg_passphrase) + signed_data = gpg.sign_file(_fp, keyid=keyid, passphrase=gpg_passphrase) if output: with salt.utils.files.flopen(output, "wb") as fout: fout.write(salt.utils.stringutils.to_bytes(signed_data.data)) @@ -1255,29 +1219,19 @@ def encrypt( if text: result = gpg.encrypt(text, recipients, passphrase=gpg_passphrase) elif filename: - if GPG_1_3_1: - # This version does not allow us to encrypt using the - # file stream # have to read in the contents and encrypt. - with salt.utils.files.flopen(filename, "rb") as _fp: - _contents = salt.utils.stringutils.to_unicode(_fp.read()) - result = gpg.encrypt( - _contents, recipients, passphrase=gpg_passphrase, output=output - ) - else: - # This version allows encrypting the file stream - with salt.utils.files.flopen(filename, "rb") as _fp: - if output: - result = gpg.encrypt_file( - _fp, - recipients, - passphrase=gpg_passphrase, - output=output, - sign=sign, - ) - else: - result = gpg.encrypt_file( - _fp, recipients, passphrase=gpg_passphrase, sign=sign - ) + with salt.utils.files.flopen(filename, "rb") as _fp: + if output: + result = gpg.encrypt_file( + _fp, + recipients, + passphrase=gpg_passphrase, + output=output, + sign=sign, + ) + else: + result = gpg.encrypt_file( + _fp, recipients, passphrase=gpg_passphrase, sign=sign + ) else: raise SaltInvocationError("filename or text must be passed.")