curtin-dev team mailing list archive

Thread
Date

Re: [Merge] ~bryanfraschetti/curtin:custom-apt-keys into curtin:master

To: mp+476864@xxxxxxxxxxxxxxxxxx
From: Dan Bungert <mp+476864@xxxxxxxxxxxxxxxxxx>
Date: Tue, 03 Dec 2024 21:10:58 -0000
In-reply-to: <173211224254.3614141.7298398567556309510.launchpad@scripts-bzrsyncd.lp.internal>
Reply-to: mp+476864@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

> GPG error: http://plug-mirror.rcac.purdue.edu/ubuntu noble InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C

That's a reasonable outcome for the config specified.  871920D1991BC93C corresponds to the "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@xxxxxxxxxx>", which indeed is what is needed to verify the signature at https://plug-mirror.rcac.purdue.edu/ubuntu/dists/jammy/Release.gpg.

But the supplied Signed-By key in this example doesn't match the ascii-armored output of 871920D1991BC93C - seemingly that key is the one of interest (but not the one needed for plug-mirror).

> but the key doesn't get registered

I would not expect it to be registered.  We're providing raw apt config and writing that to the filesystem - if your signed-by data is being written to the deb822 sources file, then things are working as expected.  Any processing of Signed-By would be by apt.


I'm not sure what's going on with the supplied configuration but it doesn't seem to match the stated goals.  Is the URL in the real configuration different than the sample here, and it's just anonomized?
-- 
https://code.launchpad.net/~bryanfraschetti/curtin/+git/curtin/+merge/476864
Your team curtin developers is subscribed to branch curtin:master.

References

[Merge] ~bryanfraschetti/curtin:custom-apt-keys into curtin:master
From: Bryan Fraschetti, 2024-11-20