gpg_key fails on RHEL8/CentOS 8 due to changes on the output of the gpg command #9

Open
jpoliv opened this issue Jun 10, 2020 · 1 comment

jpoliv commented Jun 10, 2020

gpg_key keeps adding the RPM GPG keys on every puppet run as it fails to extract the correct key from the gpg output (gpg version 2.2).

CentOS 7

$ rpm -qf /usr/bin/gpg
gnupg2-2.0.22-5.el7_5.x86_64

$ gpg --quiet --throw-keyids /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
pub  4096R/352C64E5 2013-12-16 Fedora EPEL (7) <[email protected]>

CentOS 8

$ rpm -qf /usr/bin/gpg
gnupg2-2.2.9-1.el8.x86_64

$ gpg --quiet --throw-keyids /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
pub   rsa4096 2013-12-16 [SCE]
      91E97D7C4A5E96F17F3E888F6A2FAEA2352C64E5
uid           Fedora EPEL (7) <[email protected]>

A possible workaround is to add the --with-colons option to the command line and process the 5th field of the line starting with "pub:"

CentOS 7

$ gpg --quiet --throw-keyids --with-colons /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
pub:-:4096:1:6A2FAEA2352C64E5:1387161732:::-:Fedora EPEL (7) <[email protected]>:

CentOS 8

$ gpg --quiet --throw-keyids --with-colons /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
pub:-:4096:1:6A2FAEA2352C64E5:1387161732:::-:
uid:::::::::Fedora EPEL (7) <[email protected]>:

Note: similar to the approach used by Ansible's rpm_key module (rpm_key)
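
The workaround described above, as an added Ruby example (not the module's code and not the author's patch): it reads field 5 of the first `pub:` record from `--with-colons` output, and contrasts that with a fixed character offset into the human-readable output. The sample outputs are copied from this issue; the function, constant and error names are hypothetical.

```ruby
# Added example, not the module's code. Sample outputs are copied from this issue.
HUMAN_2_0  = "pub  4096R/352C64E5 2013-12-16 Fedora EPEL (7) <[email protected]>\n"
HUMAN_2_2  = "pub   rsa4096 2013-12-16 [SCE]\n" \
             "      91E97D7C4A5E96F17F3E888F6A2FAEA2352C64E5\n" \
             "uid           Fedora EPEL (7) <[email protected]>\n"
COLONS_2_0 = "pub:-:4096:1:6A2FAEA2352C64E5:1387161732:::-:Fedora EPEL (7) <[email protected]>:\n"
COLONS_2_2 = "pub:-:4096:1:6A2FAEA2352C64E5:1387161732:::-:\n" \
             "uid:::::::::Fedora EPEL (7) <[email protected]>:\n"

class KeyParseError < StandardError; end # hypothetical error type

# Fixed character offset into the human-readable output. The result depends
# entirely on the column layout of the gpg version that produced the text.
def offset_keyid(human_output)
  human_output[11..18].downcase
end

# Short key ID from machine-readable output: last 8 hex digits of field 5
# of the first "pub:" record, lowercased. Raises instead of returning a
# wrong value when the record or the field is not what we expect.
def short_keyid(colon_output)
  pub = colon_output.each_line.map(&:chomp).find { |line| line.start_with?('pub:') }
  raise KeyParseError, 'no pub record in gpg output' if pub.nil?

  keyid = pub.split(':')[4].to_s
  unless keyid.match?(/\A[0-9A-Fa-f]{16}\z/)
    raise KeyParseError, "unexpected key ID field: #{keyid.inspect}"
  end

  keyid[-8, 8].downcase
end

if __FILE__ == $PROGRAM_NAME
  puts "offset, gpg 2.0 text: #{offset_keyid(HUMAN_2_0).inspect}"
  puts "offset, gpg 2.2 text: #{offset_keyid(HUMAN_2_2).inspect}"
  puts "colons, gpg 2.0:      #{short_keyid(COLONS_2_0).inspect}"
  puts "colons, gpg 2.2:      #{short_keyid(COLONS_2_2).inspect}"
end
```
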

jpoliv commented Jun 10, 2020

Possible fix:

diff --git a/lib/puppet/provider/gpg_key/rpm.rb b/lib/puppet/provider/gpg_key/rpm.rb
index 71c3797..22e5dd2 100644
--- a/lib/puppet/provider/gpg_key/rpm.rb
+++ b/lib/puppet/provider/gpg_key/rpm.rb
@@ -38,7 +38,11 @@ Puppet::Type.type(:gpg_key).provide(:rpm) do

   def keyid
     if File.exist?(@resource[:path])
-      gpg(["--quiet", "--throw-keyids", @resource[:path]].compact)[11..18].downcase
+      gpg(["--quiet", "--throw-keyids", "--with-colons", @resource[:path]].compact)
+          .split('\n')
+          .find {|item| item.start_with?("pub:")}
+          .split(':')[4][8..15]
+          .downcase
     else
       nil
     end
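
Review bot: In the added `.split('\n')` line, the single-quoted `'\n'` is a literal backslash followed by `n` in Ruby, not a newline, so the output is never split into lines. The chain only works while the `pub:` record is at the very start of the output; if anything precedes it, `.find` returns nil and the following `.split(':')` raises NoMethodError. Use `.split("\n")` (or `.each_line`), and handle a nil result from `.find` so that output without a `pub:` record ends up as `nil`, like the existing `else` branch, rather than raising. Separately, `[8..15]` assumes field 5 is exactly 16 characters; taking the last 8 characters of the field would state the intent directly.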
