operations: add GPG key management operations

Add new gpg.key and gpg.dearmor operations to manage GPG keys and keyrings.
These operations provide a modern alternative to apt-key for managing
APT repository keys.

Features:
- Install keys from URLs, local files, or keyservers
- Remove keys by ID or entire keyring files
- Convert ASCII armored keys to binary format
- Manage keys in specific keyrings or across all APT keyrings

This is part 1/3 of modernizing APT key management.

Author: maisim

tests/operations/gpg.key/keyserver_multiple.json

@@ -20,7 +20,7 @@
         "mkdir -p /tmp/pyinfra-gpg-empfile_",
         "chmod 700 /tmp/pyinfra-gpg-empfile_",
         "export GNUPGHOME=\"/tmp/pyinfra-gpg-empfile_\" && gpg --batch --keyserver \"hkps://keyserver.ubuntu.com\" --recv-keys 0xD88E42B4 0x7EA0A9C3",
-        "export GNUPGHOME=\"/tmp/pyinfra-gpg-empfile_\" && gpg --batch --export 0xD88E42B4 0x7EA0A9C3 > \"/etc/apt/keyrings/vendor.gpg\"",
+        "export GNUPGHOME=\"/tmp/pyinfra-gpg-empfile_\" && gpg --batch --export 0xD88E42B4 0x7EA0A9C3 | gpg --batch --dearmor -o \"/etc/apt/keyrings/vendor.gpg\"",
         "mkdir -p /etc/apt/keyrings",
         "touch /etc/apt/keyrings/vendor.gpg",
         "chmod 644 /etc/apt/keyrings/vendor.gpg"

tests/operations/gpg.key/keyserver_single.json

@@ -20,7 +20,7 @@
         "mkdir -p /tmp/pyinfra-gpg-empfile_",
         "chmod 700 /tmp/pyinfra-gpg-empfile_",
         "export GNUPGHOME=\"/tmp/pyinfra-gpg-empfile_\" && gpg --batch --keyserver \"hkps://keyserver.ubuntu.com\" --recv-keys 0xD88E42B4",
-        "export GNUPGHOME=\"/tmp/pyinfra-gpg-empfile_\" && gpg --batch --export 0xD88E42B4 > \"/etc/apt/keyrings/vendor.gpg\"",
+        "export GNUPGHOME=\"/tmp/pyinfra-gpg-empfile_\" && gpg --batch --export 0xD88E42B4 | gpg --batch --dearmor -o \"/etc/apt/keyrings/vendor.gpg\"",
         "mkdir -p /etc/apt/keyrings",
         "touch /etc/apt/keyrings/vendor.gpg",
         "chmod 644 /etc/apt/keyrings/vendor.gpg"

tests/operations/gpg.key/remove_by_id.json

@@ -5,28 +5,12 @@
         "present": false
     },
     "facts": {
-        "gpg.GpgKeyrings": {
-            "directories=['/etc/apt/keyrings']": {
-                "/etc/apt/keyrings/vendor.gpg": {
-                    "format": "gpg",
-                    "keys": {
-                        "ABCDEF1234567890": {
-                            "validity": "-",
-                            "length": 4096,
-                            "subkeys": {},
-                            "fingerprint": "ABCDEF1234567890FEDCBA0987654321ABCDEF12",
-                            "uid_hash": "ABC123DEF456",
-                            "uid": "Vendor Key <vendor@example.com>"
-                        }
-                    }
-                }
-            }
-        },
         "files.File": {
             "path=/etc/apt/keyrings/vendor.gpg": {"mode": 644}
         }
     },
     "commands": [
-        "rm -f /etc/apt/keyrings/vendor.gpg"
+        "gpg --batch --no-default-keyring --keyring \"/etc/apt/keyrings/vendor.gpg\" --delete-keys 0xABCDEF12 2>/dev/null || true",
+        "if ! gpg --batch --no-default-keyring --keyring \"/etc/apt/keyrings/vendor.gpg\" --list-keys 2>/dev/null | grep -q \"pub\"; then rm -f \"/etc/apt/keyrings/vendor.gpg\"; fi"
     ]
 }

tests/operations/gpg.key/remove_from_all_keyrings.json

@@ -3,29 +3,13 @@
         "keyid": "0xCOMPROMISED123",
         "present": false
     },
-    "facts": {
-        "gpg.GpgKeyrings": {
-            "directories=['/etc/apt/trusted.gpg.d', '/etc/apt/keyrings', '/usr/share/keyrings']": {
-                "/etc/apt/trusted.gpg.d/compromised.gpg": {
-                    "format": "gpg",
-                    "keys": {
-                        "COMPROMISED123567890": {
-                            "validity": "-",
-                            "length": 4096,
-                            "subkeys": {},
-                            "fingerprint": "COMPROMISED123567890FEDCBA0987654321COMPROMISED123",
-                            "uid_hash": "ABC123DEF456",
-                            "uid": "Compromised Key <compromised@example.com>"
-                        }
-                    }
-                }
-            }
-        },
-        "files.File": {
-            "path=/etc/apt/trusted.gpg.d/compromised.gpg": {"mode": 644}
-        }
-    },
+    "facts": {},
     "commands": [
-        "rm -f /etc/apt/trusted.gpg.d/compromised.gpg"
+        "for keyring in /etc/apt/trusted.gpg.d/*.gpg; do [ -e \"$keyring\" ] && gpg --batch --no-default-keyring --keyring \"$keyring\" --delete-keys 0xCOMPROMISED123 2>/dev/null || true; done",
+        "for keyring in /etc/apt/trusted.gpg.d/*.gpg; do [ -e \"$keyring\" ] && ! gpg --batch --no-default-keyring --keyring \"$keyring\" --list-keys 2>/dev/null | grep -q \"pub\" && rm -f \"$keyring\" || true; done",
+        "for keyring in /etc/apt/keyrings/*.gpg; do [ -e \"$keyring\" ] && gpg --batch --no-default-keyring --keyring \"$keyring\" --delete-keys 0xCOMPROMISED123 2>/dev/null || true; done",
+        "for keyring in /etc/apt/keyrings/*.gpg; do [ -e \"$keyring\" ] && ! gpg --batch --no-default-keyring --keyring \"$keyring\" --list-keys 2>/dev/null | grep -q \"pub\" && rm -f \"$keyring\" || true; done",
+        "for keyring in /usr/share/keyrings/*.gpg; do [ -e \"$keyring\" ] && gpg --batch --no-default-keyring --keyring \"$keyring\" --delete-keys 0xCOMPROMISED123 2>/dev/null || true; done",
+        "for keyring in /usr/share/keyrings/*.gpg; do [ -e \"$keyring\" ] && ! gpg --batch --no-default-keyring --keyring \"$keyring\" --list-keys 2>/dev/null | grep -q \"pub\" && rm -f \"$keyring\" || true; done"
     ]
 }