Primary/security apt mirrors don't support key parameters

[ubuntu-server-builder]

This bug was originally filed in Launchpad as LP: #1925395

Launchpad details

affected_projects = []
assignee = None
assignee_name = None
date_closed = 2021-08-23T20:16:36.313993+00:00
date_created = 2021-04-21T23:28:53.262623+00:00
date_fix_committed = 2021-05-27T22:52:01.500686+00:00
date_fix_released = 2021-08-23T20:16:36.313993+00:00
id = 1925395
importance = wishlist
is_complete = True
lp_url = https://bugs.launchpad.net/cloud-init/+bug/1925395
milestone = None
owner = vultaire
owner_name = Paul Goins
private = False
status = fix_released
submitter = vultaire
submitter_name = Paul Goins
tags = []
duplicates = []

Launchpad user Paul Goins(vultaire) wrote on 2021-04-21T23:28:53.262623+00:00

I'm trying to add a Landscape-based repository mirror. We're mirroring the official Ubuntu repositories locally via Landscape along with other packages so as to have a single mirror for all deb packages in this particular environment.

However, cloud-init doesn't seem to support supplying key-related parameters in the primary/security mirror clauses, but rather only in the sources clauses. The landscape-based mirror requires its own key, and without being able to provide the key to be added via apt-key, things break.

This can be worked around by adding a duplicate entry as one of the "sources", however this is less than ideal because it generates a bunch of warnings due to the duplicate apt entries.

[ubuntu-server-builder]

Launchpad user Paride Legovini(paride) wrote on 2021-04-23T13:58:24.863822+00:00

Hi Paul and thanks for this bug report. I agree that's currently a cloud-init limitation.

I have a different and possibly better (but untested!) workaround to suggest: use write_files to dump the gpg key to trust to /etc/apt/trusted.gpg.d/. This should prevent the "duplicate entry" warning, and adding keys to trust in this way is better than using apt-key (what "sources" does, see the deprecation warning in apt-key(8)), but I agree it should be better integrated in the repositories config.

[1] https://cloudinit.readthedocs.io/en/latest/topics/modules.html#write-files

[ubuntu-server-builder]

Launchpad user Paul Goins(vultaire) wrote on 2021-05-27T22:51:53.150017+00:00

I submitted this MR, which has since been merged into the mainline: #882

A new version hasn't been released yet, so I'll mark as fix committed.

[ubuntu-server-builder]

Launchpad user James Falcon(falcojr) wrote on 2021-08-23T20:16:37.522490+00:00

This bug is believed to be fixed in cloud-init in version 21.3. If this is still a problem for you, please make a comment and set the state back to New

Thank you.