curtin-dev team mailing list archive

Thread
Date

Re: [Merge] ~bryanfraschetti/curtin:custom-apt-keys into curtin:master

To: mp+476864@xxxxxxxxxxxxxxxxxx
From: Bryan Fraschetti <mp+476864@xxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Dec 2024 15:26:45 -0000
In-reply-to: <173211224254.3614141.7298398567556309510.launchpad@scripts-bzrsyncd.lp.internal>
Reply-to: mp+476864@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Hey Dan,

So I had tried using the documented method, but it had resulted in an error 'No Signed-By field' on apt update. Seemingly, the Key field doesn't automatically create the Signed-By field. This is actually what led to my approach in the previous message. I came across https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/2070320, where Chris Peterson outlined a methodology (in his message on Nov. 13th) that adds the keys in the sources section and references them in the template with the fingerprint.

I was unsure about which approach should be followed - adding keys in the sources and referencing in the template, or adding a Signed-By field to the documented approach. I'm gathering that the latter is preferred:
sources_list: |
    Types: deb
    URIs: $PRIMARY
    Suites: noble noble-updates noble-backports
    Components: main
    Signed-By: <fingerprint or raw key>
    Key: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      ... key ...
      -----END PGP PUBLIC KEY BLOCK-----

I'll follow up with the customer with this and see if we can get this working in their environment.

Thanks
-- 
https://code.launchpad.net/~bryanfraschetti/curtin/+git/curtin/+merge/476864
Your team curtin developers is subscribed to branch curtin:master.

References

[Merge] ~bryanfraschetti/curtin:custom-apt-keys into curtin:master
From: Bryan Fraschetti, 2024-11-20