curtin-dev team mailing list archive

Thread
Date

Re: [Merge] ~bryanfraschetti/curtin:custom-apt-keys into curtin:master

To: mp+476864@xxxxxxxxxxxxxxxxxx
From: Bryan Fraschetti <mp+476864@xxxxxxxxxxxxxxxxxx>
Date: Mon, 25 Nov 2024 16:53:50 -0000
In-reply-to: <173254881149.3673687.9340324327909862465.codereview@juju-98d295-prod-launchpad-3>
Reply-to: mp+476864@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

> Hi there, thanks for the MP.
> 
> 1. Is this not handled today with existing functionality?  Have a look at
> https://curtin.readthedocs.io/en/latest/topics/apt_source.html and search for
> localrepokey
> 2. If not, what are the differences to what is supported today?
> 3. All config changes must supply documentation updates as well.
> 4. Why is there a random unrelated commit in this stream?

Hi Dan,

I appreciate the review. I'll do my best to answer your questions

1. We had a customer report that they were unable to configure curtin to properly import keys for apt with two primary issues: i) the resultant ubuntu.sources properly contained the uri, suites, and pockets, but not the GPG key (it defaulted to /usr/share/keyrings/ubuntu-archive-keyring.gpg from the template), and ii) when supplying the sources declaration block as per the guide, a "NO PUBKEY <key-id>" failure would occur. This seemed to be the result of (at least in cloud-init) a method called add_mirror_keys, which only adds the keys from the primary and security blocks. A few support engineers and SEG members were able to replicate this behaviour in LXD.
2. The functionality that this MP adds is the ability to define your key within the primary and security declaration blocks. For example:
primary:
    uri: http://localmirror.local
    key: ---raw gpg key--- # or alternatively use keyid and (optionally keyserver) to resolve the key
which will enable apt to import the key, and add it to the template.
3. Yes, I should add documentation to support these changes
4. I was equally confused when I opened the MP and saw the unrelated commit show up in the diff. It appears as though I cloned from the wrong branch although I cloned from master since I copy and pasted the commands from the curtin hacking guide https://curtin.readthedocs.io/en/latest/topics/hacking.html - Unfortunately, I can't quite explain that.

Before fixing these issues, I will talk with the other engineers that worked on the case and customer and see if maybe we missed something

Thank you
-- 
https://code.launchpad.net/~bryanfraschetti/curtin/+git/curtin/+merge/476864
Your team curtin developers is requested to review the proposed merge of ~bryanfraschetti/curtin:custom-apt-keys into curtin:master.

References

Re: [Merge] ~bryanfraschetti/curtin:custom-apt-keys into curtin:master
From: Dan Bungert, 2024-11-25