Open
Description
Summary
The `pacman_key` module doesn't act on an expired/untrusted key in the `present` state. Maintaining a Pacman key via Ansible over a timespan that exceeds the key validity therefore requires using force options or manually/explicitly removing the key for the `pacman_key` module to be able to replace it.
The module should trigger key import when it encounters an expired/untrusted key (unless `absent` state is requested of course).
Issue Type
Bug Report
Component Name
pacman_key
Ansible Version
```console
$ ansible --version
ansible [core 2.18.4]
  config file = None
  configured module search path = ['/home/al/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.13/site-packages/ansible
  ansible collection location = /home/al/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/sbin/ansible
  python version = 3.13.2 (main, Feb 5 2025, 08:05:21) [GCC 14.2.1 20250128] (/usr/bin/python)
  jinja version = 3.1.5
  libyaml = True
```
Community.general Version
```console
$ ansible-galaxy collection list community.general
# /usr/lib/python3.13/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 10.5.0
```
Configuration
```console
$ ansible-config dump --only-changed
CONFIG_FILE() = None
GALAXY_SERVERS:
```
OS / Environment
Arch Linux
Steps to Reproduce
- Manually add expired key (`pacman-key --add <expired.key>`)
- Run Ansible with:

```yaml
- pacman_key:
    id: <key ID>
    data: "{{ lookup('file', 'non-expired_key.asc') }}"
    state: present
```
Expected Results
Expired key replaced with valid non-expired key.
Actual Results
Ansible task succeeds without change.
Code of Conduct
- I agree to follow the Ansible Code of Conduct
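
The decision the report asks for, sketched as an added example (not code from the `pacman_key` module or from the reporter): classify a key from GnuPG `--with-colons` listing output and import whenever the key is not usable, unless `absent` is requested. The function names, the constructed sample listing, and the reading of "untrusted" as "validity neither full nor ultimate" are assumptions.

```python
import time

# Field 2 of a "pub" record in `gpg --with-colons` output: validity letters
# that mean the key cannot be used for verification.
UNUSABLE = {"e": "expired", "r": "revoked", "i": "invalid", "d": "disabled"}

# Constructed sample listing (placeholder key IDs, not real keys).
SAMPLE = """\
pub:e:4096:1:AAAAAAAAAAAAAAAA:1500000000:1600000000::-:::sc::::::23::0:
pub:f:4096:1:BBBBBBBBBBBBBBBB:1700000000:4102444800::-:::scESC::::::23::0:
pub:-:255:22:CCCCCCCCCCCCCCCC:1700000000:::-:::scESC::::::ed25519:::0:
pub:f:4096:1:DDDDDDDDDDDDDDDD:1500000000:1600000000::-:::scESC::::::23::0:
"""


def key_status(listing, key_id, now=None):
    """Return 'missing', 'ok', 'untrusted', or the reason the key is unusable."""
    now = int(time.time()) if now is None else now
    wanted = key_id.upper().removeprefix("0X")[-16:]  # long ID or fingerprint
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] != "pub" or len(f) < 7 or not f[4].upper().endswith(wanted):
            continue
        validity, expires = f[1][:1], f[6]
        if validity in UNUSABLE:
            return UNUSABLE[validity]
        # Recheck the expiry timestamp: the cached validity letter can be
        # stale if the trust database has not been refreshed.
        if expires.isdigit() and int(expires) <= now:
            return "expired"
        # Assumption: "untrusted" means validity is neither full nor ultimate.
        return "ok" if validity in ("f", "u") else "untrusted"
    return "missing"


def needs_import(state, status):
    """Behaviour requested in the report: with state=present, anything other
    than a usable key triggers an import; state=absent never imports."""
    return state == "present" and status != "ok"


if __name__ == "__main__":
    for kid in ("AAAAAAAAAAAAAAAA", "BBBBBBBBBBBBBBBB", "CCCCCCCCCCCCCCCC"):
        status = key_status(SAMPLE, kid, now=1750000000)
        print(kid, status, needs_import("present", status))
```
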