[Bug 1754075] Re: apt-setup uses apt-key but probably should not anymore

Stefan Dietrich 1754075 at bugs.launchpad.net
Thu Apr 12 05:50:46 UTC 2018 

Hello,

I have build locally an updated apt-setup.udeb with the patch from #12
and it works for me.

Installation of the rebuild udeb is a bit hacky via early_command:

d-i preseed/early_command string wget -q -O /tmp/apt-setup.udeb
http://<internal server>/apt-setup-udeb_0.104ubuntu5_amd64.udeb; udpkg
-i /tmp/apt-setup.udeb

I have used a preseed file, which contains 2 local repositories:

# Ubuntu DESY Repository
d-i apt-setup/local0/repository string \
    deb http://<internal server>/extra/desy/ bionic desy
d-i apt-setup/local0/source boolean false
d-i apt-setup/local0/comment string desy
d-i apt-setup/local0/key string http://<internal server>/extra/desy/DESY-Debian-key.asc

# Puppet PC1
d-i apt-setup/local1/repository string \
    deb http://<internal server>/extra/puppet.apt.timeline/current/ bionic PC1
d-i apt-setup/local1/source boolean false
d-i apt-setup/local1/comment string puppetlabs
d-i apt-setup/local1/key string http://<internal server>/extra/puppet.apt.timeline/current/pubkey.gpg

The updated udeb downloads the keys and copies them to /target/etc/apt/trusted/gpg.d:
~ # ls -la /target/etc/apt/trusted.gpg.d/
drwxr-xr-x    2 root     root          4096 Apr 11 20:32 .
drwxr-xr-x    6 root     root          4096 Apr 11 20:32 ..
-rw-r--r--    1 root     root           971 Feb 25  2015 desy.asc
-rw-r--r--    1 root     root          3139 Feb 22 23:34 puppetlabs.asc
-rw-r--r--    1 root     root          2796 Feb  6 17:15 ubuntu-keyring-2012-archive.gpg
-rw-r--r--    1 root     root          2794 Feb  6 17:15 ubuntu-keyring-2012-cdimage.gpg

Additionally, detection of non-binary format for the puppetlabs key
worked as well, as it now contains the .asc extension.

Side remark, a similar bug entry exists for debian-installer on launchpad as well:
https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1761030

Regards,
Stefan

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt-setup in Ubuntu.
https://bugs.launchpad.net/bugs/1754075

Title:
  apt-setup uses apt-key but probably should not anymore

Status in apt-setup package in Ubuntu:
  Confirmed
Status in gnupg package in Ubuntu:
  New
Status in gnupg2 package in Ubuntu:
  New

Bug description:
  In di if the kernel is in a private PPA we seed di using

  d-i apt-setup/local0/key string
  http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=<key>

  this used to work in xenial, but in bionic this fails and therefore
  apt update fails in base-installer. May be because add-apt-key is not
  installed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt-setup/+bug/1754075/+subscriptions

More information about the foundations-bugs mailing list