using two keys for one apt source fails
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| cloud-init |
Expired
|
Low
|
Vladimir Novikov | ||
Bug Description
My use case is the Apache built Cassandra repos which require two keys to be added to apt-key.
the utils.getkeybyid function doesn't use quotes around the key for this command:
$ gpg --keyserver ${ks} --recv $k >/dev/null &&
which works just fine for adding two keys from the same key server, using Cassandra as the example:
$ gpg --keyserver pgp.mit.edu --recv F758CE318D77295D 2B5C1B00
The function then switches to using quotes for the rest of the commands:
$ armour=$(gpg --export --armour "${k}") &&
$ gpg --batch --yes --delete-keys "${k}"
As these commands are in the utils.getkeybyid function they only delete and then return the public key block for the first key. The second one gets ignored by the delete and the export, so I end up with it not in my apt-key and still in gpg.
Remove the quotes around the ${k} and these commands complete correctly and return the correct public key block, which then results in both keys getting added to the apt-key.
So, unless there's a good reason to quote the ${k} it seems to be more flexible without them.
| Scott Moser (smoser) wrote | #1 |
| Changed in cloud-init: | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
| Tom vN (tomvn) wrote | #2 |
| Changed in cloud-init: | |
| assignee: | nobody → Vladimir Novikov (vnovikov) |
| James Falcon (falcojr) wrote | #3 |
| Changed in cloud-init: | |
| status: | Confirmed → Expired |
Thanks for the bug report.
I think you can work around this by populating 'key' with the results of 'gpg --export --armour F758CE318D77295D 2B5C1B00', right?
Rather than removing the quotes, I think I'd rather split the cloud-config 'keyid' entry on space and make getkeybyid take a list of keyids explicitly.