When running on Ubuntu 22.04 retrieving the secret key fails.

failed: [example] (item=/etc/pki/gpg/duply/root.priv) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/pki/gpg/duply/root.priv", "msg": "the remote file does not exist, not transferring, ignored"}

This appears to be because the private key is no longer available in GPG 2.1 (https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html).

Looking through the code it appears 31423de from 2016 was probably fixing this issue for key importing (though its not explicit in the commit message).

Given that Ubuntu < 16.04 and RHEL <7 are out of mainline support; is it time to remove that parameter from the role and the option from gen-key-script?

Single quotes ' ' are missing in several paths in the file gpgkey_generate.yml (https://github.com/juju4/ansible-gpgkey_generate/blob/master/tasks/gpgkey_generate.yml), such as:

Line 73 : dest: "{{ gpg_home }}/.gnupg" <-- Wrong (if path contains a space, it can throw errors)
Line 73 : dest: "'{{ gpg_home }}/.gnupg'" <-- Correct

Sorry, I'm not github-proficient, so no pull request possible, but it will take you only 2 minutes to find all these paths in this 1 file.

Getting this running the playbook on a fresh Ubuntu 20.04

vars

    gpg_generator_user: root
    ansible_become_method: sudo
    gpg_realname: '**'
    gpg_useremail: '***'
    gpg_pubkeyfile: '***'
    gpg_privkeyfile: '***'
    gpg_home: '/root'
    gpg_keylength: 4096
    gpg_subkeylength: 4096
    gpg_expire: 0
    gpg_passphrase: null
    gpg_no_log: false

error

 FAILED! => {"changed": true, "cmd": ["gpg", "--batch", "--gen-key", "/root/.gnupg/gen-key-script-root"], "delta": 
"0:00:00.023266", "end": "2021-04-15 10:58:05.913710", "msg": "non-zero return code", "rc": 2, "start": "2021-04-15 
10:58:05.890444", "stderr": "gpg: Generating a basic OpenPGP key\ngpg: Sorry, we are in batchmode - can't get input",
 "stderr_lines": ["gpg: Generating a basic OpenPGP key", "gpg: Sorry, we are in batchmode - can't get input"], "stdout": "", "stdout_lines": []}

When trying to install this role, get the following error that a dependency is not available.

$ ansible-galaxy install juju4.gpgkey_generate --force                                                                                        
- changing role juju4.gpgkey_generate from 0.8.0 to unspecified
- downloading role 'gpgkey_generate', owned by juju4
- downloading role from https://github.com/juju4/ansible-gpgkey_generate/archive/0.8.0.tar.gz
- extracting juju4.gpgkey_generate to /home/justin/.ansible/roles/juju4.gpgkey_generate
- juju4.gpgkey_generate (0.8.0) was installed successfully
- adding dependency: juju4.redhat-epel
- downloading role 'redhat-epel', owned by juju4
[WARNING]: - juju4.redhat-epel was NOT installed successfully: - sorry, juju4.redhat-epel was not found on https://galaxy.ansible.com/api/.

At the end, a fingerprint file, public key and optionally private key are produced. These files come from gpg_generate_user.

If only juju4.gpgkey_generate generates keys, the keys and fingerprint extracted from gpg_user and gpg_generate_user are the same. However, this cannot be guaranteed. The keys and fingerprint should be extracted directly from gpg_user's keyring.

I was struggling with this msg 'Failed to lock apt for exclusive operation: Failed to lock directory /var/lib/apt/lists/: E:Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)', until I tried to comment the update_cache: yes line, as pointed here: https://stackoverflow.com/questions/33563425/ansible-1-9-4-failed-to-lock-apt-for-exclusive-operation/40933352

Apparently, ansible triggers two actions at the same time using apt and the first threat creates the file that locks the 2nd one.

A possible solution is to create a step to only update cache before.

Ansible: 2.9.5
Ubuntu: 21.04