Skip to content

feat: Support Signed-By option for apt repository#14131

Merged
tpowell-progress merged 1 commit intochef:mainfrom
tmccombs:apt-key-deprecated
Mar 11, 2025
Merged

feat: Support Signed-By option for apt repository#14131
tpowell-progress merged 1 commit intochef:mainfrom
tmccombs:apt-key-deprecated

Conversation

@tmccombs
Copy link
Copy Markdown
Contributor

@tmccombs tmccombs commented Dec 7, 2023
edited
Loading

If it is used, it will avoid using the deprecated apt-key command.

Fixes: #13168

Description

Add support for a signed_by property for apt_repository.

If true, and a key is supplied, it will install the key in a repo-specific keyring, and reference that in the Signed-By option.
If a string, it will pass that string to the Signed-By option.

I'm not sure what the behavior should be if signed_by is a string, and a key is also supplied. Currently it will install the key in a repo-specific location, but use the value of the string in the signed-by field.

Other options for the case where key and signed-by are both specified could be:

  1. install the key in /etc/apt/trusted.gpg.d, and use signed-by as is
  2. try to interpret the first entry (comma seprated) as a file path, and install the key at that location
  3. prepend the generated location to the list of signed-by values if it isn't already included

This still needs testing and documentation. But I wanted to see if this was a good approach before polishing it.

Related Issue

#13168

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • I have run the pre-merge tests locally and they pass.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
  • All new and existing tests passed.
  • All commits have been signed-off for the Developer Certificate of Origin.

@tmccombs tmccombs requested review from a team as code owners December 7, 2023 07:47
@tmccombs tmccombs marked this pull request as draft December 7, 2023 07:47
@github-actions github-actions bot added the documentation How do we use this project? label Dec 7, 2023
@tmccombs tmccombs force-pushed the apt-key-deprecated branch 2 times, most recently from 25ee2b6 to 508ba35 Compare January 3, 2024 08:14
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Jan 3, 2024

Quality Gate Passed Quality Gate passed

The SonarCloud Quality Gate passed, but some issues were introduced.

5 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@tmccombs tmccombs mentioned this pull request Apr 3, 2024
Closed
@tmccombs tmccombs force-pushed the apt-key-deprecated branch from 508ba35 to b84cc1c Compare May 26, 2024 06:52
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented May 26, 2024

Quality Gate Passed Quality Gate passed

Issues
5 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

williamtheaker
williamtheaker reviewed Jul 2, 2024
View reviewed changes
williamtheaker
williamtheaker reviewed Jul 2, 2024
View reviewed changes
@tpowell-progress
Copy link
Copy Markdown
Contributor

tpowell-progress commented Dec 19, 2024

If we can get this to non-draft and rebase on main we can restart the discussion about getting this folded in.

@tmccombs tmccombs marked this pull request as ready for review December 19, 2024 21:17
tmccombs
tmccombs commented Dec 19, 2024
View reviewed changes
schrd
schrd suggested changes Jan 7, 2025
View reviewed changes
Copy link
Copy Markdown

@schrd schrd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like some variable renamings have been missed

@tmccombs tmccombs force-pushed the apt-key-deprecated branch from 075dc1b to 22c151f Compare January 8, 2025 21:05
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Jan 8, 2025

Quality Gate Passed Quality Gate passed

Issues
5 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@tpowell-progress
Copy link
Copy Markdown
Contributor

tpowell-progress commented Feb 25, 2025

@tmccombs can we get another rebase to validate that everything is working in the tests?

@tmccombs
feat: Support Signed-By option for apt repository
ed80452 
If it is used, it will avoid using the deprecated apt-key command.

Fixes: chef#13168
Signed-Off-By: Thayne Mccombs <thayne@lucid.co>
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Feb 25, 2025

Quality Gate Passed Quality Gate passed

Issues
5 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

tpowell-progress
tpowell-progress reviewed Mar 6, 2025
View reviewed changes
@tpowell-progress tpowell-progress mentioned this pull request Mar 10, 2025
Closed
11 tasks
@tpowell-progress tpowell-progress merged commit 642d35b into chef:main Mar 11, 2025
52 of 54 checks passed
@tmccombs tmccombs deleted the apt-key-deprecated branch March 12, 2025 04:31
tpowell-progress pushed a commit that referenced this pull request Mar 12, 2025
@tmccombs @tpowell-progress
Backport of #14131 signed-by
fac469d 
Signed-off-by: Thomas Powell <thomas.powell@progress.com>
@tpowell-progress tpowell-progress mentioned this pull request Mar 12, 2025
Merged
11 tasks
tpowell-progress pushed a commit that referenced this pull request Mar 12, 2025
@tmccombs @tpowell-progress
Backport of #14131 signed-by
a11b324 
Signed-off-by: Thomas Powell <thomas.powell@progress.com>
tpowell-progress pushed a commit that referenced this pull request Mar 12, 2025
@tmccombs @tpowell-progress
Backport of #14131 signed-by
218772a 
Signed-off-by: Thomas Powell <thomas.powell@progress.com>
@IanMadd IanMadd mentioned this pull request Mar 27, 2025
Merged
4 tasks
@tpowell-progress tpowell-progress mentioned this pull request Mar 31, 2025
Merged
11 tasks
@Fil0sOFF Fil0sOFF mentioned this pull request Apr 8, 2025
Merged
11 tasks
@jaymzh jaymzh mentioned this pull request Oct 14, 2025
Merged
@jaymzh jaymzh mentioned this pull request Mar 28, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tpowell-progress tpowell-progress tpowell-progress approved these changes

@williamtheaker williamtheaker Awaiting requested review from williamtheaker

@schrd schrd Awaiting requested review from schrd

Assignees

No one assigned

Labels

documentation How do we use this project? Focus: Community PR Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

apt-key is deprecated since Ubuntu 22.04 and Debian 11

4 participants

@tmccombs @tpowell-progress @schrd @williamtheaker