Thanks for the details, Chris.

In my use case, the objective was to never use the original/default
sources, as we didn't want to point to archive.ubuntu.com at all, but
rather to use an internal mirror (which had been set up with aptly, and
hence had a non-default GPG key).

I originally bumped into
https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/2076943 when
trying to configure the key.

As a workaround to the aforementioned problem, we tried configuring the
local repository in the ubuntu.sources section and also providing the GPG
key.

After that, what happened is that during the installation, a couple of
squashfs images are mounted in an ephemeral /tmp location
(ubuntu-server-minimal.squashfs and
ubuntu-server-minimal.ubuntu-server.squashfs) and their contents are then
copied over to /target, which will be the installed system, and several
different apt commands are executed with chroot inside /target.

The problem is that the source provided in the autoinstall yaml is
appended in /target/etc/apt/sources.list.d/ubuntu.sources, so you have
both the default http://archive.ubuntu.com/ubuntu/ configured and also
the internal apt mirror you provided in the autoinstall yaml, which is
not the desired approach. The http://archive.ubuntu.com/ubuntu/ mirror
is used both during the installation and also in the installed system
(/etc/apt/sources.list.d/ubuntu.sources is left configured with both
mirrors, which is not the intention), which again is not the desired
behavior.

After some code review, Tiago found a way to provide the configuration
that we needed in the first bug (2076943), which is by using a template
to render sources files, as we can see here:
https://github.com/canonical/curtin/blob/master/curtin/commands/apt_config.py#L589

What happens is that, if we do not provide a template, curtin will use
the original sources files, which have the Signed-By yaml key pointing
to the default ubuntu archive key. If we provide our own template, we
can tell it, through the sources_list yaml key, to use our key, like
this:

    apt:
      primary:
      - arches: [amd64, i386, default]
        uri: http://192.168.148.3/ubuntu
      security:
      - arches: [amd64, i386, default]
        uri: http://192.168.148.3/ubuntu
      ...
      sources_list: |
        Types: deb
        URIs: $PRIMARY
        Suites: noble noble-updates noble-backports noble-security
        Components: main
        Signed-By: |
          -----BEGIN PGP PUBLIC KEY BLOCK-----
          ... our key ...
          -----END PGP PUBLIC KEY BLOCK-----
      ...
 

In this example, curtin will render this template, replacing the $PRIMARY
value with the primary repository configured before. The resulting
ubuntu.sources file looks like this:

    Types: deb
    URIs: http://192.168.148.3/ubuntu
    Suites: noble noble-updates noble-security
    Components: main
    Signed-By: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      ... our key ...
      -----END PGP PUBLIC KEY BLOCK-----

So, with that, we end up avoiding bumping into the problem reported in the 
current bug.

Tiago is pursuing some documentation improvement through this PR:
https://code.launchpad.net/~tiago.pasqualini/curtin/+git/curtin/+merge/473478

I believe that will clear things up.

https://bugs.launchpad.net/bugs/2070320

Title:
  Autoinstall with apt deb822 source on noble does not override
  '/etc/apt/sources.list.d/ubuntu.sources' despite
  'preserve_sources_list: false'
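
A check for the situation described in the message above, where /target/etc/apt/sources.list.d/ubuntu.sources ends up with both archive.ubuntu.com and the internal mirror. This is an added example, not part of the original message and not curtin or subiquity code: it parses a deb822 sources file and reports stanzas whose URIs fall outside the allowed mirror or that carry no Signed-By field. The function names and the sample file contents are constructed for illustration; the mirror URI is the one used in the message.

```python
# Added example: audit a deb822 .sources file for stanzas bypassing the mirror.
ALLOWED = ("http://192.168.148.3/ubuntu",)  # internal mirror URI from the message
# Constructed sample: default archive stanza plus an appended internal mirror.
SAMPLE_MIXED = """\
Types: deb
URIs: http://archive.ubuntu.com/ubuntu/
Suites: noble noble-updates noble-backports
Components: main
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

Types: deb
URIs: http://192.168.148.3/ubuntu
Suites: noble noble-updates
Components: main
"""

def parse_deb822(text):
    """Split deb822 text into stanzas (dicts of lower-cased field -> value)."""
    stanzas, cur, last = [], {}, None
    for line in text.splitlines() + [""]:   # trailing "" flushes the last stanza
        if not line.strip():                # blank line ends a stanza
            if cur:
                stanzas.append(cur)
            cur, last = {}, None
        elif line.startswith("#"):          # comment line
            continue
        elif line[0] in " \t" and last:     # continuation of previous field
            cur[last] += "\n" + line.strip()
        elif ":" in line:
            key, _, value = line.partition(":")
            last = key.strip().lower()
            cur[last] = value.strip()
    return stanzas

def uri_allowed(uri, allowed=ALLOWED):
    """True if uri is an allowed mirror root or a path beneath it."""
    u = uri.rstrip("/")
    return any(u == a or u.startswith(a + "/") for a in allowed)

def audit_sources(text, allowed=ALLOWED):
    """Return (stanza_index, problem) pairs for stanzas apt would use."""
    findings = []
    for i, st in enumerate(parse_deb822(text)):
        if st.get("enabled", "yes").lower() == "no":
            continue                        # disabled stanza, apt ignores it
        findings += [(i, f"URI outside allowed mirror: {u}")
                     for u in st.get("uris", "").split() if not uri_allowed(u, allowed)]
        if not st.get("signed-by"):
            findings.append((i, "no Signed-By field"))
    return findings
```

Running `audit_sources` on the contents of the installed system's ubuntu.sources after an autoinstall gives an empty list only when every enabled stanza points at the internal mirror and names a key.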
