[Touch-packages] [Bug 1754075] Re: apt-setup uses apt-key but probably should not anymore

Stefan Dietrich Wed, 11 Apr 2018 23:02:00 -0700

Hello,

I have build locally an updated apt-setup.udeb with the patch from #12
and it works for me.


Installation of the rebuild udeb is a bit hacky via early_command:

d-i preseed/early_command string wget -q -O /tmp/apt-setup.udeb
http://<internal server>/apt-setup-udeb_0.104ubuntu5_amd64.udeb; udpkg
-i /tmp/apt-setup.udeb

I have used a preseed file, which contains 2 local repositories:

# Ubuntu DESY Repository
d-i apt-setup/local0/repository string \
    deb http://<internal server>/extra/desy/ bionic desy
d-i apt-setup/local0/source boolean false
d-i apt-setup/local0/comment string desy
d-i apt-setup/local0/key string http://<internal 
server>/extra/desy/DESY-Debian-key.asc

# Puppet PC1
d-i apt-setup/local1/repository string \
    deb http://<internal server>/extra/puppet.apt.timeline/current/ bionic PC1
d-i apt-setup/local1/source boolean false
d-i apt-setup/local1/comment string puppetlabs
d-i apt-setup/local1/key string http://<internal 
server>/extra/puppet.apt.timeline/current/pubkey.gpg

The updated udeb downloads the keys and copies them to 
/target/etc/apt/trusted/gpg.d:
~ # ls -la /target/etc/apt/trusted.gpg.d/
drwxr-xr-x    2 root     root          4096 Apr 11 20:32 .
drwxr-xr-x    6 root     root          4096 Apr 11 20:32 ..
-rw-r--r--    1 root     root           971 Feb 25  2015 desy.asc
-rw-r--r--    1 root     root          3139 Feb 22 23:34 puppetlabs.asc
-rw-r--r--    1 root     root          2796 Feb  6 17:15 
ubuntu-keyring-2012-archive.gpg
-rw-r--r--    1 root     root          2794 Feb  6 17:15 
ubuntu-keyring-2012-cdimage.gpg

Additionally, detection of non-binary format for the puppetlabs key
worked as well, as it now contains the .asc extension.

Side remark, a similar bug entry exists for debian-installer on launchpad as 
well:
https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1761030

Regards,
Stefan

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1754075

Title:
  apt-setup uses apt-key but probably should not anymore

Status in apt-setup package in Ubuntu:
  Confirmed
Status in gnupg package in Ubuntu:
  New
Status in gnupg2 package in Ubuntu:
  New

Bug description:
  In di if the kernel is in a private PPA we seed di using

  d-i apt-setup/local0/key string
  http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=<key>

  this used to work in xenial, but in bionic this fails and therefore
  apt update fails in base-installer. May be because add-apt-key is not
  installed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt-setup/+bug/1754075/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1754075] Re: apt-setup uses apt-key but probably should not anymore

Reply via email to